Re: Fwd: svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s...

Thu, 30 Jun 2011 14:33:02 -0700 

On 2011-06-28 13:58, Bjoern A. Zeeb wrote:
> Begin forwarded message:
> 
>> From: "Bjoern A. Zeeb" <[email protected]>
>> Date: June 28, 2011 11:57:25 AM GMT+00:00
>> To: [email protected], [email protected], 
>> [email protected]
>> Subject: svn commit: r223637 - in head: . contrib/pf/authpf 
>> contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd 
>> sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules 
>> s...
>>
>> Author: bz
>> Date: Tue Jun 28 11:57:25 2011
>> New Revision: 223637
>> URL: http://svn.freebsd.org/changeset/base/223637
>>
>> Log:
>>  Update packet filter (pf) code to OpenBSD 4.5.
>>
>>  You need to update userland (world and ports) tools
>>  to be in sync with the kernel.
>>
>>  Submitted by:       mlaier
>>  Submitted by:       eri
> 
> 
> In short; please test!
> 

Haven't had time to test, hopefully later this weekend.

The structure pfioc_state_kill is wrong documented,
wrong documentation was also in OpenBSD45 present.
See also PR 143504.

Maybe it's also a good idea to look into the patches
submitted short after OpenBSD45 release (~2 - 6 weeks
later) before the the major rewrite has started.



from: sys/contrib/pf/net/pfvar.h
==================================
struct pfioc_state_kill {
    struct pf_state_cmp psk_pfcmp;
    sa_family_t     psk_af;
    int         psk_proto;
    struct pf_rule_addr psk_src;
    struct pf_rule_addr psk_dst;
    char            psk_ifname[IFNAMSIZ];
    char            psk_label[PF_RULE_LABEL_SIZE];
    u_int           psk_killed;
};


Fix for documentation:

Index: contrib/pf/man/pf.4
===================================================================
--- contrib/pf/man/pf.4 (revision 223637)
+++ contrib/pf/man/pf.4 (working copy)
@@ -308,7 +308,7 @@
 .It Dv DIOCKILLSTATES Fa "struct pfioc_state_kill *psk"
 Remove matching entries from the state table.
 This ioctl returns the number of killed states in
-.Va psk_af .
+.Va psk_killed .
 .Bd -literal
 struct pfioc_state_kill {
        sa_family_t             psk_af;
@@ -316,6 +316,8 @@
        struct pf_rule_addr     psk_src;
        struct pf_rule_addr     psk_dst;
        char                    psk_ifname[IFNAMSIZ];
+    char                       psk_label[PF_RULE_LABEL_SIZE];
+    u_int                      psk_killed;
 };
 .Ed
 .It Dv DIOCCLRSTATES Fa "struct pfioc_state_kill *psk"

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"

Reply via email to