Re: relayd and rdomain/prio defaults

2012-03-06 Thread Gabriel Linder

On 03/05/12 21:10, Erik Lax wrote:

On 3/2/12 5:09 PM, Gabriel Linder wrote:
Since 5.0 rules injected by relayd includes on rdomain 0 and prio 
0, I guess that's not intended ?
I think you're right. And if so, the same problem seem to exist for 
the ftp-proxy (filter.c) as well. I guess this is what happens when 
default values aren't compatible with bzero :)


Indeed :) Anything messing with anchors is probably concerned.

I just saw that my MUA scrambled my previous diff by replacing tabs by 
spaces, here is a proper version 
http://dargor.servebeer.com/~dargor/openbsd/relayd/pfe_filter.c.diff




Re: relayd and rdomain/prio defaults

2012-03-06 Thread Henning Brauer
just to confirm, I've seen this, this is a problem and we're
discussing how to fix the offenders (it's not just relayd)

* Gabriel Linder lin...@jeuxvideo.com [2012-03-02 18:26]:
 Since 5.0 rules injected by relayd includes on rdomain 0 and prio
 0, I guess that's not intended ?
 
 Index: pfe_filter.c
 ===
 RCS file: /cvs/src/usr.sbin/relayd/pfe_filter.c,v
 retrieving revision 1.47
 diff -u -r1.47 pfe_filter.c
 --- pfe_filter.c19 May 2011 08:56:49 -1.47
 +++ pfe_filter.c2 Mar 2012 16:06:30 -
 @@ -439,6 +442,8 @@
  rio.rule.dst.port[0] = address-port.val[0];
  rio.rule.dst.port[1] = address-port.val[1];
  rio.rule.rtableid = -1; /* stay in the main routing table */
 +rio.rule.onrdomain = -1;
 +rio.rule.prio[0] = rio.rule.prio[1] = PF_PRIO_NOTSET;
 
  if (rio.rule.proto == IPPROTO_TCP)
  rio.rule.timeout[PFTM_TCP_ESTABLISHED] =
 

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: relayd and rdomain/prio defaults

2012-03-06 Thread Stuart Henderson
On 2012/03/06 10:20, Gabriel Linder wrote:
 On 03/05/12 21:10, Erik Lax wrote:
 On 3/2/12 5:09 PM, Gabriel Linder wrote:
 Since 5.0 rules injected by relayd includes on rdomain 0 and
 prio 0, I guess that's not intended ?
 I think you're right. And if so, the same problem seem to exist for
 the ftp-proxy (filter.c) as well. I guess this is what happens when
 default values aren't compatible with bzero :)
 
 Indeed :) Anything messing with anchors is probably concerned.
 
 I just saw that my MUA scrambled my previous diff by replacing tabs
 by spaces, here is a proper version
 http://dargor.servebeer.com/~dargor/openbsd/relayd/pfe_filter.c.diff
 

Seems OK to me but somebody who uses multiple rtables needs to check it
(and also for ftp-proxy where a similar diff is needed and it has some
multiple rtable support already).

Here it is for tftp-proxy which is single rtable. OK?

Index: filter.c
===
RCS file: /cvs/src/libexec/tftp-proxy/filter.c,v
retrieving revision 1.10
diff -u -p -r1.10 filter.c
--- filter.c22 Jun 2011 08:40:14 -  1.10
+++ filter.c6 Mar 2012 09:55:29 -
@@ -214,6 +214,9 @@ prepare_rule(u_int32_t id, struct sockad
}
pfr.rule.dst.port_op = PF_OP_EQ;
pfr.rule.dst.port[0] = htons(d_port);
+   pfr.rule.rtableid = -1;
+   pfr.rule.onrdomain = -1;
+   pfr.rule.prio[0] = pfr.rule.prio[1] = PF_PRIO_NOTSET;
pfr.rule.action = PF_PASS;
pfr.rule.quick = 1;
pfr.rule.log = rule_log;