On Mon, Jul 15, 2019 at 11:06:50AM +0200, Alexandr Nedvedicky wrote:
> your change looks good and makes sense. However I would ask for one more
> tweak to your fix:
>
> 8<---8<---8<--8<
> diff --git a/sys/net/pf.c b/sys/net/pf.c
> ind
Hello,
>
> To fix both bugs, I wrote this diff that adds a check in pf_test_rule()
> to prevent expired once rules from being added to pf_rule_gcl. The
> check is added "early" in pf_test_rule() to prevent any further
> connections from creating state if they match the expired once rule.
>
> I
On Tue, Jul 09, 2019 at 03:35:26PM -0600, Aaron Bieber wrote:
> I get the panic when the rule is in an anchor as well.
>
> PGP: 0x1F81112D62A9ADCE / 3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE
>
> >> On Jul 7, 2019, at 4:39 PM, Mike Belopuhov wrote:
> >
> > Aaron Bieber writes:
> >
>
I get the panic when the rule is in an anchor as well.
PGP: 0x1F81112D62A9ADCE / 3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE
>> On Jul 7, 2019, at 4:39 PM, Mike Belopuhov wrote:
>
> Aaron Bieber writes:
>
>> Hi,
>>
>> Adding a rule similar to the below causes a panic on -current (OpenB
Aaron Bieber writes:
> Hi,
>
> Adding a rule similar to the below causes a panic on -current (OpenBSD
> 6.5-current (GENERIC) #95: Thu Jul 4 21:22:25 MDT 2019). This also panics 6.3
> and 6.5 (I didn't test 6.4):
>
> pass in quick on egress proto tcp from any to port once rdr-to \
>