r289932 causes pf reversion - breaks rules with broadcast destination
Tom Uffner
tom at uffner.com
Thu Nov 5 15:26:06 UTC 2015
Kristof Provost wrote:
> On 2015-11-04 20:31:35 (-0500), Tom Uffner <tom at uffner.com> wrote:
>> Commit r289932 causes pf rules with broadcast destinations (and some but not
>> all rules after them in pf.conf) to be silently ignored. This is bad.
> What version did you test exactly?
>
> There was an issue with r289932 that was fixed in r289940, so if you're
> in between those two can you test with something after r289940?
Thanks for your response.
r289940 does not fix the problem that I am seeing.
I first discovered it when I updated a -current system (from Jun 30, don't
know the exact rev) to r290174 on Oct 30. After finding that many of my net
services no longer worked, I isolated rules w/ broadcast addresses as the
specific cause of the problem.
Then I looked up every commit that touched sys/netpfil/pf from 6/30 to 10/30
and tested a kernel from before & after each one. When r290160 unexpectedly
failed, I looked a little deeper and came up with sys/net/pfvars.h and r289932.
As I said, I don't know why this change causes a problem (and don't really
have time to figure it out at the moment).
I just know that <=r289931 works, and that r289932 and greater do not.
thanks,
tom