Fwd: svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s...

olli hauer ohauer at gmx.de
Thu Jun 30 21:32:46 UTC 2011 

On 2011-06-28 13:58, Bjoern A. Zeeb wrote:
> Begin forwarded message:
> 
>> From: "Bjoern A. Zeeb" <bz at FreeBSD.org>
>> Date: June 28, 2011 11:57:25 AM GMT+00:00
>> To: src-committers at freebsd.org, svn-src-all at freebsd.org, svn-src-head at freebsd.org
>> Subject: svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s...
>>
>> Author: bz
>> Date: Tue Jun 28 11:57:25 2011
>> New Revision: 223637
>> URL: http://svn.freebsd.org/changeset/base/223637
>>
>> Log:
>>  Update packet filter (pf) code to OpenBSD 4.5.
>>
>>  You need to update userland (world and ports) tools
>>  to be in sync with the kernel.
>>
>>  Submitted by:	mlaier
>>  Submitted by:	eri
> 
> 
> In short; please test!
> 

Haven't had time to test, hopefully later this weekend.

The structure pfioc_state_kill is wrong documented,
wrong documentation was also in OpenBSD45 present.
See also PR 143504.

Maybe it's also a good idea to look into the patches
submitted short after OpenBSD45 release (~2 - 6 weeks
later) before the the major rewrite has started.



from: sys/contrib/pf/net/pfvar.h
==================================
struct pfioc_state_kill {
    struct pf_state_cmp psk_pfcmp;
    sa_family_t     psk_af;
    int         psk_proto;
    struct pf_rule_addr psk_src;
    struct pf_rule_addr psk_dst;
    char            psk_ifname[IFNAMSIZ];
    char            psk_label[PF_RULE_LABEL_SIZE];
    u_int           psk_killed;
};


Fix for documentation:

Index: contrib/pf/man/pf.4
===================================================================
--- contrib/pf/man/pf.4 (revision 223637)
+++ contrib/pf/man/pf.4 (working copy)
@@ -308,7 +308,7 @@
 .It Dv DIOCKILLSTATES Fa "struct pfioc_state_kill *psk"
 Remove matching entries from the state table.
 This ioctl returns the number of killed states in
-.Va psk_af .
+.Va psk_killed .
 .Bd -literal
 struct pfioc_state_kill {
        sa_family_t             psk_af;
@@ -316,6 +316,8 @@
        struct pf_rule_addr     psk_src;
        struct pf_rule_addr     psk_dst;
        char                    psk_ifname[IFNAMSIZ];
+    char                       psk_label[PF_RULE_LABEL_SIZE];
+    u_int                      psk_killed;
 };
 .Ed
 .It Dv DIOCCLRSTATES Fa "struct pfioc_state_kill *psk"

More information about the freebsd-pf mailing list