[Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092 --- Comment #5 from Kristof Provost --- Thanks for that patch. I've not yet had the opportunity to look at the other patch (or remarks in any detail). I'll try to do so as soon as possible, but it may be some time. -- You are receiving

[Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092 --- Comment #4 from commit-h...@freebsd.org --- A commit references this bug: Author: kp Date: Sat Jun 30 12:51:08 UTC 2018 New revision: 335816 URL: https://svnweb.freebsd.org/changeset/base/335816 Log: pfsync: Fix state sync during

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 Kristof Provost changed: What|Removed |Added Status|New |Closed Resolution|---

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #23 from commit-h...@freebsd.org --- A commit references this bug: Author: kp Date: Fri Jun 29 16:46:20 UTC 2018 New revision: 335798 URL: https://svnweb.freebsd.org/changeset/base/335798 Log: MFC r335569: pf: Support

[Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092 --- Comment #3 from Kajetan Staszkiewicz --- I found another bug: states synced during initial bulk update are considered to come from incompatible ruleset, even if ruleset *is* compatible. I also must raise a question why the initial sync

[Bug 229404] [pflog] [pfsync] [patch] pflogs/pfsync kernel modules build fails with VIMAGE

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229404 --- Comment #3 from Eugene Grosbein --- (In reply to Kristof Provost from comment #2) I build kernel module outside of kernel build environment while having enabled VIMAGE= in /etc/src.conf, FreeBSD 11.2-STABLE/amd64, or this way: cd

[Bug 229404] [pflog] [pfsync] [patch] pflogs/pfsync kernel modules build fails with VIMAGE

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229404 Kristof Provost changed: What|Removed |Added CC||k...@freebsd.org --- Comment #2

[Bug 229404] [pflog] [pfsync] [patch] pflogs/pfsync kernel modules build fails with VIMAGE

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229404 Eugene Grosbein changed: What|Removed |Added CC||n...@freebsd.org

[Bug 229404] [pflog] [patch] pflogs kernel modules build fails with VIMAGE

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229404 Eugene Grosbein changed: What|Removed |Added Attachment #194720|0 |1 is obsolete|

[Bug 229404] [pflog] [patch] pflogs kernel modules build fails with VIMAGE

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229404 Bug ID: 229404 Summary: [pflog] [patch] pflogs kernel modules build fails with VIMAGE Product: Base System Version: 11.2-STABLE Hardware: Any OS: Any

Problem reports for p...@freebsd.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #22 from commit-h...@freebsd.org --- A commit references this bug: Author: kp Date: Fri Jun 22 21:59:31 UTC 2018 New revision: 335569 URL: https://svnweb.freebsd.org/changeset/base/335569 Log: pf: Support "return" statements

[Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092 --- Comment #2 from Kajetan Staszkiewicz --- While looking on possibility of recreating src_nodes I found that the way src nodes are created is rather sketchy. For example when a new state is created with new src_node, first a node is

[Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092 --- Comment #1 from Kajetan Staszkiewicz --- I came across an issue preventing this from working correctly when rebooting hardware: pfsync is started before pf (or in my case before my custom service populating pf rules. That's a problem,

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #21 from Kajetan Staszkiewicz --- Without this modification only "block" rules would be configured with return-enabling flag and return ICMP codes. Modification in parse.y ensure that "pass" rules are getting this information

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #20 from Kristof Provost --- (In reply to Kajetan Staszkiewicz from comment #19) I'm not sure I understand what the changes in 'action : PASS {' (in parse.y) are for. Other than that, I think it's good. --

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 Kajetan Staszkiewicz changed: What|Removed |Added Attachment #194340|0 |1 is obsolete|

[Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092 Mark Linimon changed: What|Removed |Added Keywords||patch

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #18 from Kajetan Staszkiewicz --- I was way too fast. Now block rules work fine but failed-pass rules are not returning again. Please await another patch. -- You are receiving this mail because: You are the assignee for the

Problem reports for p...@freebsd.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 Kajetan Staszkiewicz changed: What|Removed |Added Attachment #194089|0 |1 is obsolete|

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #16 from Kajetan Staszkiewicz --- That is true, it forces returning RST. I will fix it ASAP. -- You are receiving this mail because: You are the assignee for the bug. ___

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #15 from Kristof Provost --- (In reply to vegeta from comment #14) Thanks for the patch. I think it looks good, but I've got one question. I see that you removed the (r->rule_flag & PFRULE_RETURNRST) || (r->rule_flag &

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 veg...@tuxpowered.net changed: What|Removed |Added Attachment #191739|0 |1 is obsolete|

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #13 from veg...@tuxpowered.net --- I think I have a final patch. Configuration of behaviour is global via `set fail-policy` but in fact it is assigned as a flag to each rule. So it could be modified to be done per-rule if

[Bug 228782] Deadlock on pf

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228782 Kristof Provost changed: What|Removed |Added Status|New |Open

[Bug 228782] Deadlock on pf

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228782 Mark Linimon changed: What|Removed |Added Assignee|b...@freebsd.org|p...@freebsd.org -- You are

Problem reports for p...@freebsd.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

[Bug 228632] /etc/rc.d/pf returns incorrect exit status.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228632 --- Comment #1 from James Park-Watt --- Created attachment 193889 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=193889=edit pf exit status patch Attached is an indication of what might need to change in order to resolve this

[Bug 228632] /etc/rc.d/pf returns incorrect exit status.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228632 Kristof Provost changed: What|Removed |Added Assignee|p...@freebsd.org |k...@freebsd.org

[Bug 228632] /etc/rc.d/pf returns incorrect exit status.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228632 Mark Linimon changed: What|Removed |Added Component|standards |misc

[Bug 185617] pfctl(8): armv6: "pfctl -s state" crashes on BeagleBone Black due to unaligned access

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=185617 Kristof Provost changed: What|Removed |Added CC||k...@freebsd.org

[Bug 185617] pfctl(8): armv6: "pfctl -s state" crashes on BeagleBone Black due to unaligned access

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=185617 --- Comment #6 from guy...@gmail.com --- This bug can be closed. Comment 3 contains the commit reference that fixes this bug. It was left open to evaluate restructuring pfsync and pfioc but the patches are now out of date. They can be

[Bug 135948] [pf] [gre] pf not natting gre protocol

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=135948 Eitan Adler changed: What|Removed |Added Status|In Progress |Open --- Comment #4 from Eitan

[Bug 168190] [pf] panic when using pf and route-to (maybe: bad fragment handling?)

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=168190 Eitan Adler changed: What|Removed |Added Status|In Progress |Open --- Comment #25 from Eitan

[Bug 186251] authpf(8) always fails with "error removing stale rulesets" on 10.0-RELEASE

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=186251 Eitan Adler changed: What|Removed |Added Status|In Progress |Open --- Comment #2 from Eitan

[Bug 145727] [pf.conf] pf rules not applied on boot if using inet6 :network modifier

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=145727 Eitan Adler changed: What|Removed |Added Status|In Progress |Open --- Comment #1 from Eitan

[Bug 135948] [pf] [gre] pf not natting gre protocol

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=135948 Kristof Provost changed: What|Removed |Added Resolution|--- |FIXED Status|Open

[Bug 183198] [pf] pf tables not loaded if only used inside anchor

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=183198 Eitan Adler changed: What|Removed |Added Status|In Progress |Open --- Comment #8 from Eitan

[Bug 175267] [pf] [tap] pf + tap keep state problem

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=175267 Eitan Adler changed: What|Removed |Added Status|In Progress |Open --- Comment #2 from Eitan

[Bug 176268] [pf] [patch] synproxy not working with route-to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=176268 Eitan Adler changed: What|Removed |Added Status|In Progress |Open --- Comment #3 from Eitan

[Bug 122773] [pf] pf doesn't log uid or pid when configured to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=122773 Eitan Adler changed: What|Removed |Added Status|In Progress |Open --- Comment #4 from Eitan

[Bug 185617] pfctl(8): armv6: "pfctl -s state" crashes on BeagleBone Black due to unaligned access

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=185617 Eitan Adler changed: What|Removed |Added Status|In Progress |Open --- Comment #5 from Eitan

[Bug 163208] [pf] PF state key linking mismatch

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=163208 Eitan Adler changed: What|Removed |Added Status|In Progress |Open --- Comment #20 from Eitan

[Bug 127042] [pf] [patch] pf recursion panic if interface group is the same as the new interface name

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127042 Eitan Adler changed: What|Removed |Added Status|In Progress |Open --- Comment #2 from Eitan

[Bug 187566] [pf] incoming ng_l2tp/ipsec packet bypass PF firewall

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=187566 Eitan Adler changed: What|Removed |Added Status|In Progress |Open --- Comment #5 from Eitan

Problem reports for p...@freebsd.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

Problem reports for p...@freebsd.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

[Bug 182819] pfctl(8) interprets "# .... \" as multi-line comment

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182819 Oleksandr Tymoshenko changed: What|Removed |Added CC|

Problem reports for p...@freebsd.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

Problem reports for p...@freebsd.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

[Bug 226411] PF does not properly keep state with GRE in IPSec

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226411 --- Comment #8 from Ermal Luçi --- (In reply to obrienmd from comment #7) You can start here: https://github.com/apple/darwin-xnu/blob/master/bsd/net/pf.c#L317 Its very easy to bring it to FreeBSD, it is only about

[Bug 226411] PF does not properly keep state with GRE in IPSec

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226411 obrie...@gmail.com changed: What|Removed |Added CC||obrie...@gmail.com ---

[Bug 214613] Reloading pf rules breaks connections on lo0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214613 Kristof Provost changed: What|Removed |Added Resolution|--- |FIXED

[Bug 214613] Reloading pf rules breaks connections on lo0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214613 --- Comment #3 from commit-h...@freebsd.org --- A commit references this bug: Author: kp Date: Wed May 2 22:36:11 UTC 2018 New revision: 333187 URL: https://svnweb.freebsd.org/changeset/base/333187 Log: MFC r333084: pfctl: Don't

[Bug 214613] Reloading pf rules breaks connections on lo0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214613 --- Comment #2 from commit-h...@freebsd.org --- A commit references this bug: Author: kp Date: Wed May 2 20:15:02 UTC 2018 New revision: 333181 URL: https://svnweb.freebsd.org/changeset/base/333181 Log: MFC r333084: pfctl: Don't

Problem reports for p...@freebsd.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

[Bug 214613] Reloading pf rules breaks connections on lo0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214613 --- Comment #1 from commit-h...@freebsd.org --- A commit references this bug: Author: kp Date: Sat Apr 28 13:16:59 UTC 2018 New revision: 333084 URL: https://svnweb.freebsd.org/changeset/base/333084 Log: pfctl: Don't break connections

Problem reports for p...@freebsd.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

Problem reports for p...@freebsd.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

Problem reports for p...@freebsd.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

Problem reports for freebsd-pf@FreeBSD.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #12 from Ermal Luçi --- I misread the issue you are experiencing. I do not see any impact on this apart of either - overloading the set block-policy global to express the global policy. pf already marks as

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #11 from Ermal Luçi --- I misread the issue you are experiencing. I do not see any impact on this apart of either - overloading the set block-policy global to express the global policy. pf already marks as

[Bug 196314] pf nested inline anchors does not work

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196314 Kristof Provost changed: What|Removed |Added Resolution|--- |FIXED

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #10 from veg...@tuxpowered.net --- Any rule can fail like this, not only route-to rules, so it is not specific to them. And I'm taking about responding with RST/ICMP to new connections when redirection table is already empty.

[Bug 206468] pfsync: changing syncdev causes panic

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206468 Kristof Provost changed: What|Removed |Added Status|New |Closed

Problem reports for freebsd-pf@FreeBSD.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 Ermal Luçi changed: What|Removed |Added CC||e...@freebsd.org

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #8 from Kristof Provost --- (In reply to vegeta from comment #6) Okay, let's do that. The tests are fairly new. They're only in 12, so those won't get MFCd back to 11 and 10 because they require VIMAGE. Let's

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #7 from veg...@tuxpowered.net --- I was not aware that there are tests for pf. I am still mostly running FreeBSD 10 on my loadbalancers due to amount of custom patches so I am a bit behind the schedule. I will have a look on

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #6 from veg...@tuxpowered.net --- *if* we're aiming for symmetry with block rules. I am unsure if we really should. I usually tend to initially create very universal and highly configurable solutions which break all

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #5 from Kristof Provost --- (In reply to vegeta from comment #4) Okay, I think I understand. It certainly makes sense to follow the block policy for this. If we're aiming for symmetry with the block rules,

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #4 from veg...@tuxpowered.net --- The exact situation looks like this: I use PF for loadbalacing with "route-to" target and also as firewall preventing servers in datacenter from accessing the Internet. Each "route-to" rule has

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #3 from Kristof Provost --- We do care, up to a point, so we (1) don't make importing changes any harder than it needs to be and (2) reduce the syntax difference as much as possible. I'm not quite sure I

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #2 from veg...@tuxpowered.net --- I'm sorry but I did not bother to check OpenBSD syntax. Isn't FreeBSD diverted beyond the point of caring about it anyway? There are other ways to handle this without changing rule syntax, but

[Bug 226850] [pf] Matching but failed rules block without return

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 Mark Linimon changed: What|Removed |Added Assignee|freebsd-b...@freebsd.org

[Bug 127814] [pf] The flush in pf_reload in /etc/rc.d/pf does not work as intended

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127814 Kristof Provost changed: What|Removed |Added Status|In Progress |Closed

[Bug 127814] [pf] The flush in pf_reload in /etc/rc.d/pf does not work as intended

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127814 --- Comment #5 from commit-h...@freebsd.org --- A commit references this bug: Author: kp Date: Wed Mar 21 09:57:30 UTC 2018 New revision: 331289 URL: https://svnweb.freebsd.org/changeset/base/331289 Log: MFC 330105: pf: Do not flush

[Bug 127814] [pf] The flush in pf_reload in /etc/rc.d/pf does not work as intended

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127814 --- Comment #4 from commit-h...@freebsd.org --- A commit references this bug: Author: kp Date: Wed Mar 21 09:57:06 UTC 2018 New revision: 331288 URL: https://svnweb.freebsd.org/changeset/base/331288 Log: MFC 330105: pf: Do not flush

Problem reports for freebsd-pf@FreeBSD.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

[Bug 209475] pf didn't check if enough free RAM for net.pf.states_hashsize

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209475 --- Comment #34 from commit-h...@freebsd.org --- A commit references this bug: Author: kp Date: Sun Mar 18 11:26:07 UTC 2018 New revision: 331117 URL: https://svnweb.freebsd.org/changeset/base/331117 Log: MFC r329950: pf: Cope with

[Bug 209475] pf didn't check if enough free RAM for net.pf.states_hashsize

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209475 --- Comment #33 from commit-h...@freebsd.org --- A commit references this bug: Author: kp Date: Sun Mar 18 11:25:40 UTC 2018 New revision: 331116 URL: https://svnweb.freebsd.org/changeset/base/331116 Log: MFC r329950: pf: Cope with

[Bug 226411] PF does not properly keep state with GRE in IPSec

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226411 --- Comment #6 from Kristof Provost --- (In reply to Ermal Luçi from comment #5) Do you have a pointer to the relevant bits? I can probably take a look at some point. -- You are receiving this mail because: You are the

[Bug 226411] PF does not properly keep state with GRE in IPSec

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226411 Ermal Luçi changed: What|Removed |Added CC||e...@freebsd.org

[Bug 226411] PF does not properly keep state with GRE in IPSec

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226411 --- Comment #4 from Eric Dombroski --- Correction/clarification: Setting "set skip on gre0" indeed allows the traffic to go through, but doesn't allow any control of traffic over the tunnel. The following

[Bug 226411] PF does not properly keep state with GRE in IPSec

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226411 --- Comment #3 from Daniel B. --- Just for reference, here's the downstream bug: https://redmine.pfsense.org/issues/4479 -- You are receiving this mail because: You are the assignee for the bug.

[Bug 226411] PF does not properly keep state with GRE in IPSec

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226411 --- Comment #2 from Eric Dombroski --- # HOST 1 - ROUTER ### root@fbsd12test1:~ # cat /etc/rc.conf hostname="fbsd12test1" ifconfig_vmx0="inet 10.10.10.1 netmask

Problem reports for freebsd-pf@FreeBSD.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

[Bug 226411] PF does not properly keep state with GRE in IPSec

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226411 Kristof Provost changed: What|Removed |Added CC|

[Bug 226411] PF does not properly keep state with GRE in IPSec

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226411 Mark Linimon changed: What|Removed |Added Assignee|freebsd-b...@freebsd.org

Problem reports for freebsd-pf@FreeBSD.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

[Bug 222126] pf is not clearing expired states

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126 Kristof Provost changed: What|Removed |Added Assignee|freebsd-pf@FreeBSD.org

[Bug 222126] pf is not clearing expired states

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126 --- Comment #49 from noah.bergba...@tum.de --- At least in my particular case, I eventually tracked this down to a tunable from loader.conf: kern.timecounter.smp_tsc_adjust=1 Since I removed that, this issue hasn't happened once so I

[Bug 209475] pf didn't check if enough free RAM for net.pf.states_hashsize

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209475 --- Comment #32 from fehmi noyan isi --- Thank you! -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-pf@freebsd.org mailing list

[Bug 127814] [pf] The flush in pf_reload in /etc/rc.d/pf does not work as intended

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127814 --- Comment #3 from commit-h...@freebsd.org --- A commit references this bug: Author: kp Date: Wed Feb 28 08:53:07 UTC 2018 New revision: 330105 URL: https://svnweb.freebsd.org/changeset/base/330105 Log: pf: Do not flush on reload

[Bug 206468] pfsync: changing syncdev causes panic

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206468 Kristof Provost changed: What|Removed |Added CC|

Problem reports for freebsd-pf@FreeBSD.org that need special attention

To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and

[Bug 209475] pf didn't check if enough free RAM for net.pf.states_hashsize

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209475 --- Comment #31 from commit-h...@freebsd.org --- A commit references this bug: Author: kp Date: Sun Feb 25 08:56:44 UTC 2018 New revision: 329950 URL: https://svnweb.freebsd.org/changeset/base/329950 Log: pf: Cope with overly large

[Bug 223093] /dev/pf locks disrupt other pf-dependent services (ftp-proxy, tftp-proxy, relayd, pfctl, etc)

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223093 Mark Linimon changed: What|Removed |Added Component|bin |kern -- You

<    1   2   3   4   5   6   7   8   9   >