> On 05 Nov 2015, at 18:39, Tom Uffner <t...@uffner.com> wrote:
>
> Tom Uffner wrote:
>> Commit r289932 causes pf rules with broadcast destinations (and some but not
>> all rules after them in pf.conf) to be silently ignored. This is bad.
>
>> I do not understand the pf code well enough to see why this change caused
>> the breakage, but I suspect that it might expose some deeper problem and
>> should not simply be reverted.
>
> OK, so here is why I don't want to simply back this out and have a "working"
> firewall again:
>
> Apparently PF_ANEQ was prone to false positives when comparing IPv4 addrs.
> This is what r289932 and r289940 fixed. For IPv4 it does not matter where
> in bits 32-127 the address mismatch occurs or what order the garbage data
> is tested. That is all the paren fix in r289940 changes. It might be relevant
> for v6, but doesn't matter here.
>
Yes, that’s right.

I haven’t yet had the time to look at your problem in any depth.
I’m currently working on a different pf issue, but this one is also high on my priority list.
Hopefully I’ll get round to it in the next few days, but please do prod me if you hear nothing.

Regards,
Kristof