Re: pf log drop default rule

2023-10-13 Thread J Doe 

On 2023-10-10 18:28, Alexander Bluhm wrote:


Hi,

If a packet is malformed, it is dropped by pf(4).  The rule referenced
in pflog(4) is the default rule.  As the default rule is a pass
rule, tcpdump prints "pass" although the packet is actually dropped.
I have reports from genua and OPNsense users who are confused by
the output.

With the diff below we see pass or blocked when the packet is matched
or dropped due to bad fragment respectively.


Hello,

I have experienced something with pf that I think may be related to 
this, but I wasn't sure.


When I check my pflog files in WireShark, I note that WireShark displays 
this in the "Info" column:


[pass vio0/-1]

Does the "-1" for the rule number mean that this is the implicit/default 
rule ?


This is for a packet that is being processed by my default deny rule, 
which appears to be a malformed packet, but shows up in WireShark as "pass".


Thanks,

- J

Re: CVS: cvs.openbsd.org: src

2017-07-04 Thread J Doe 
Hi,

On Jul 4, 2017, at 7:40 AM, Mark Kettenis  wrote:

>> From: Frank Groeneveld 
>> Date: Tue, 04 Jul 2017 09:38:18 +0200
>> 
>>> On Mon, Jul 3, 2017, at 08:30, Martijn van Duren wrote:
>>> This change *STILL* breaks my $DAYJOB machine.
>>> 
>>> dmesg with DRMDEBUG enabled
>> 
>> Maybe you shouldn't chose Apple hardware ;-)

I've actually had really positive experiences with running OpenBSD with Apple 
hardware.  I had an iMac that I used as an experimental box and the only issue 
with it was retrieving the blob for the video card.  Likewise, I had a 
firewall/NIDS running on a headless Mac Mini with no issues.  Even more 
impressive, I had zero-configuration support for an Apple USB 10/100 NIC, which 
I expected would be a bit more of a niche device.

I note that you mention ThinkPads and I know they are highly regarded within 
the OpenBSD community . . . I just thought I'd throw in my two cents on Apple 
hardware!

Cheers,

- J