Re: pfctl -k id not working

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Sun, 22 Aug 2021 19:01:24 UTC
On 22 Aug 2021, at 20:58, Oleksandr Kryvulia wrote:
> 20.08.21 22:01, Özkan KIRIK wrote:
>> Hi,
>>
>> I'm trying to kill a single state using state id. But even though the state exists, no
>> (0) states are killed.
>>
>> I'm using FreeBSD stable/12 0f97f2a1857a (Jul 26) build. Outputs are below:
>>
>> root@freebsd:/ # pfctl -ss -vvv | tail -5
>> all tcp 10.255.4.134:60684 -> 10.2.3.10:443       ESTABLISHED:ESTABLISHED
>>    [3857528462 + 256] wscale 7  [2278827950 + 1117184] wscale 9
>>    age 1002336:42:40, expires in 252932:33:04, 250675:343858 pkts,
>> 18984576:362136695 bytes, anchor 1308884992, rule 419430400
>>    id: effe296100000018 creatorid: e9c975c1 gateway: 0.0.0.0
>>    origif: ix0.167
>>
>> root@freebsd:/ # pfctl -k id -k effe296100000018
>> killed 0 states
>>
>> root@freebsd:/ # pfctl -ss -vvv | tail -5
>> all tcp 10.255.4.134:60684 -> 10.2.3.10:443       ESTABLISHED:ESTABLISHED
>>    [1005467278 + 256] wscale 7  [2245470126 + 1117184] wscale 9
>>    age 60966:41:04, expires in 280894:34:40, 250677:343861 pkts,
>> 18984766:362137617 bytes, anchor 1308884992, rule 419430400
>>    id: effe296100000018 creatorid: e9c975c1 gateway: 0.0.0.0
>>    origif: ix0.167
>>
>> Is it possible to fix it?
>>
>> Regards
>>
>
> Same on current.

Thanks for the confirmation. It’s very likely fallout from the nvlist changes I did in that area recently.
It’s on my list for Monday. It’s likely to be fairly easy to fix.

Best regards,
Kristof