Re: relayd and rdomain/prio defaults
On 2012/03/06 10:20, Gabriel Linder wrote: > On 03/05/12 21:10, Erik Lax wrote: > >On 3/2/12 5:09 PM, Gabriel Linder wrote: > >>Since 5.0 rules injected by relayd includes "on rdomain 0" and > >>"prio 0", I guess that's not intended ? > >I think you're right. And if so, the same problem seem to exist for > >the ftp-proxy (filter.c) as well. I guess this is what happens when > >default values aren't compatible with bzero :) > > Indeed :) Anything messing with anchors is probably concerned. > > I just saw that my MUA scrambled my previous diff by replacing tabs > by spaces, here is a proper version > http://dargor.servebeer.com/~dargor/openbsd/relayd/pfe_filter.c.diff > Seems OK to me but somebody who uses multiple rtables needs to check it (and also for ftp-proxy where a similar diff is needed and it has some multiple rtable support already). Here it is for tftp-proxy which is single rtable. OK? Index: filter.c === RCS file: /cvs/src/libexec/tftp-proxy/filter.c,v retrieving revision 1.10 diff -u -p -r1.10 filter.c --- filter.c22 Jun 2011 08:40:14 - 1.10 +++ filter.c6 Mar 2012 09:55:29 - @@ -214,6 +214,9 @@ prepare_rule(u_int32_t id, struct sockad } pfr.rule.dst.port_op = PF_OP_EQ; pfr.rule.dst.port[0] = htons(d_port); + pfr.rule.rtableid = -1; + pfr.rule.onrdomain = -1; + pfr.rule.prio[0] = pfr.rule.prio[1] = PF_PRIO_NOTSET; pfr.rule.action = PF_PASS; pfr.rule.quick = 1; pfr.rule.log = rule_log;
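Review bot: In prepare_rule(), the three added assignments have no comment saying why they are needed, and the reason is not obvious from the code alone: for rtableid, onrdomain and prio the "not set" value is non-zero, so a rule left at zero reads as rdomain 0 and prio 0, which is what the thread's bzero remark points at. A one-line comment above them would record that. Since the message says ftp-proxy needs a similar diff, a shared helper that sets these defaults would keep the next such field from being missed in each proxy separately. The bare -1 for onrdomain could also become a named constant, as prio already has with PF_PRIO_NOTSET.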
Re: relayd and rdomain/prio defaults
just to confirm, I've seen this, this is a problem and we're discussing how to fix the offenders (it's not just relayd) * Gabriel Linder [2012-03-02 18:26]: > Since 5.0 rules injected by relayd includes "on rdomain 0" and "prio > 0", I guess that's not intended ? > > Index: pfe_filter.c > === > RCS file: /cvs/src/usr.sbin/relayd/pfe_filter.c,v > retrieving revision 1.47 > diff -u -r1.47 pfe_filter.c > --- pfe_filter.c19 May 2011 08:56:49 -1.47 > +++ pfe_filter.c2 Mar 2012 16:06:30 - > @@ -439,6 +442,8 @@ > rio.rule.dst.port[0] = address->port.val[0]; > rio.rule.dst.port[1] = address->port.val[1]; > rio.rule.rtableid = -1; /* stay in the main routing table */ > +rio.rule.onrdomain = -1; > +rio.rule.prio[0] = rio.rule.prio[1] = PF_PRIO_NOTSET; > > if (rio.rule.proto == IPPROTO_TCP) > rio.rule.timeout[PFTM_TCP_ESTABLISHED] = > -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
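Review bot: The hunk header "@@ -439,6 +442,8 @@" starts the new side three lines below the old side although no earlier hunk is shown, so this diff was either trimmed or taken from a tree carrying other changes to pfe_filter.c. Please regenerate it against a clean revision 1.47 so that it applies as posted. The two added lines have also lost their leading tab, and "rio.rule.onrdomain = -1;" would benefit from a short comment like the one on the rtableid line just above it.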
Re: relayd and rdomain/prio defaults
On 03/05/12 21:10, Erik Lax wrote:
> On 3/2/12 5:09 PM, Gabriel Linder wrote:
>> Since 5.0 rules injected by relayd include "on rdomain 0" and
>> "prio 0", I guess that's not intended ?
> I think you're right. And if so, the same problem seems to exist for
> the ftp-proxy (filter.c) as well. I guess this is what happens when
> default values aren't compatible with bzero :)

Indeed :) Anything messing with anchors is probably concerned.

I just saw that my MUA scrambled my previous diff by replacing tabs
by spaces, here is a proper version
http://dargor.servebeer.com/~dargor/openbsd/relayd/pfe_filter.c.diff
Re: relayd and rdomain/prio defaults
On 3/2/12 5:09 PM, Gabriel Linder wrote:
> Since 5.0 rules injected by relayd include "on rdomain 0" and
> "prio 0", I guess that's not intended ?

I think you're right. And if so, the same problem seems to exist for
the ftp-proxy (filter.c) as well. I guess this is what happens when
default values aren't compatible with bzero :)
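The failure mode discussed in this thread, as an added example that is not code from relayd, the proxies or any poster: a rule that is zeroed with only rtableid overridden prints "on rdomain 0" and "prio 0", while setting each non-zero "not set" value makes those options disappear. The struct, the demo_* functions, the printer and the value of DEMO_PRIO_NOTSET are simplified assumptions, not the pf definitions.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_PRIO_NOTSET 0xff	/* stand-in for PF_PRIO_NOTSET (assumed value) */

/* Constructed, simplified model of the rule fields named in the thread. */
struct demo_rule {
	int		rtableid;	/* -1 means "not set" */
	int		onrdomain;	/* -1 means "not set" */
	unsigned char	prio[2];	/* DEMO_PRIO_NOTSET means "not set" */
};

/* Before the diffs: zero the rule and override rtableid only. */
void demo_init_before(struct demo_rule *r)
{
	memset(r, 0, sizeof(*r));
	r->rtableid = -1;
}

/* After the diffs: every field whose "not set" value is non-zero is set. */
void demo_init_after(struct demo_rule *r)
{
	demo_init_before(r);
	r->onrdomain = -1;
	r->prio[0] = r->prio[1] = DEMO_PRIO_NOTSET;
}

/* Render only the options that are set (hypothetical rule printer). */
char *demo_print(const struct demo_rule *r, char *buf, size_t len)
{
	size_t off = (size_t)snprintf(buf, len, "pass quick");
	if (r->onrdomain >= 0 && off < len)
		off += (size_t)snprintf(buf + off, len - off,
		    " on rdomain %d", r->onrdomain);
	if (r->prio[0] != DEMO_PRIO_NOTSET && off < len)
		snprintf(buf + off, len - off, " prio %u", (unsigned)r->prio[0]);
	return buf;
}

int main(void)
{
	struct demo_rule r;
	char buf[128];
	demo_init_before(&r);
	puts(demo_print(&r, buf, sizeof(buf)));	/* zero-valued fields are printed */
	demo_init_after(&r);
	puts(demo_print(&r, buf, sizeof(buf)));	/* unset fields are omitted */
	return 0;
}
```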