* Didier Wiroth <dwir...@gmail.com> [2010-01-23 23:15]: > On Wednesday 20 January 2010 23:21:35 Michael Lechtermann wrote: > > Am 20.01.2010 23:15, schrieb frantisek holop: > > > hmm, on Wed, Jan 20, 2010 at 04:58:32PM +0100, Michael Lechtermann said > > > that > > > > > >> it seems there is a bug in pfctl regarding the cleared time of a table > > >> entry. The attack actually happend this year, but the date shown is > > >> constantly changing: > > > > > > been like this forever... > > > > > > -pa-r-- bad-ssh > > > Addresses: 3 > > > Cleared: Thu Jan 1 01:00:00 1970 > > > References: [ Anchors: 0 Rules: 2 > > > ] Evaluations: [ NoMatch: 0 Match: 0 > > > ] In/Block: [ Packets: 0 Bytes: 0 ] > > > In/Pass: [ Packets: 0 Bytes: 0 ] > > > In/XPass: [ Packets: 0 Bytes: 0 ] > > > Out/Block: [ Packets: 0 Bytes: 0 ] > > > Out/Pass: [ Packets: 0 Bytes: 0 ] > > > Out/XPass: [ Packets: 0 Bytes: 0 ] > > > > > > i think i have sent a message about it ages ago but only to misc@ > > > > For me, it is a new behavior. It still worked with OpenBSD snapshot from > > around 08/2009. > > Hello, > I'm running latest current and I have the same issues now: > # pfctl -t tb1 -Ts -vvv > 172.16.43.34 > Cleared: Wed Dec 31 11:19:39 1969 > 172.16.43.35 > Cleared: Wed Dec 31 11:19:39 1969 > > Actually this used to be displayed correctly 2 or 3 snapshots ago. > > Is this a known bug?
it's a slightly weird side-effect. a quick glance indicates that the tzero timestamp is part of the stats struct and tables don't keep stats/counters by default any more. for some time tho. i don't remember any recent changes to the table code (as if anybody wanted to touch that mess) -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
