* Danix <da...@kernel-panic.it> [2010-12-26 21:40]:
> Hi all,
>
> I've made a python module for managing Packet Filter and I'm
> updating it to 4.8 now; so I'm taking a close look at the pfctl
> source code and I think I've stumbled upon a little bug (tested on
> -current)...
>
> To put it short:
>
> # grep 6789 /etc/pf.conf
> pass in on vic0 proto tcp from any to vic0 port 6789 rdr-to {
> 1.2.3.4, 1.2.3.5, 1.2.3.7 } round-robin
>
> # pfctl -sr | grep 6789
> pass in on vic0 inet proto tcp from any to 192.168.1.28 port = 6789
> flags S/SA keep state rdr-to <__automatic_b107482c_0> round-robin
this is correct. the pool has been turned into a table automagically.
> Redirection works but pfctl(8) fails to correctly display the
> redirection pool. This issue shows up only when the redirection pool
> has multiple addresses and is not a table.
> I suppose that (in that particular case) the addr field of the
> pf_pool structure is not correctly populated in parse.y, but I can't
> figure out how it should be, since a pf_addr_wrap can't represent an
> address pool, but only a single address or a table...
> Am I missing something?
pools don't exist any more internally. they are converted to tables at
load time.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
