[Bug 172648] [pf] [ip6]: 'scrub reassemble tcp' breaks IPv6 packet checksum on SYN ACK

2014-11-14 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=172648 Gleb Smirnoff changed: What|Removed |Added CC||gleb...@freebsd.org Assi

[Bug 179392] [pf] [ip6] Incorrect TCP checksums in rdr return packets

2014-11-14 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=179392 Gleb Smirnoff changed: What|Removed |Added CC||gleb...@freebsd.org Assi

/etc/periodic/security/520.pfdenied

2014-11-14 Thread Dave Horsfall
Not quite sure if this belongs here or elsewhere; it is PF-related, after all, so please refer me somewhere else if necessary. What is the actual intent of this script? It seems to be showing every rule that *could* have triggered, regardless of whether it *did* trigger. I'm happy to submit a

Re: Checksumming outgoing packets in PF vs in ip[6]_output

2014-11-14 Thread Ermal Luçi
Hello Ilya, just approval from some people. I will follow-up. On Fri, Nov 14, 2014 at 1:34 PM, Ilya Bakulin wrote: > Hi Ermal, > yes, this patch works for both #179392 and #172648. > > What do you need to merge this into -CURRENT and MFC to stable/9? > > > On 2014-11-14 12:57, Ermal Luçi wrote:

Re: Checksumming outgoing packets in PF vs in ip[6]_output

2014-11-14 Thread Ilya Bakulin
Hi Ermal, yes, this patch works for both #179392 and #172648. What do you need to merge this into -CURRENT and MFC to stable/9? On 2014-11-14 12:57, Ermal Luçi wrote: > Here is a direct patch. > Give it a try. > > For the reply-to issues there is another patch complementary to this i > will send

Re: Checksumming outgoing packets in PF vs in ip[6]_output

2014-11-14 Thread Ermal Luçi
Here is a direct patch. Give it a try. For the reply-to issues there is another patch complementary to this i will send. On Fri, Nov 14, 2014 at 11:34 AM, Ilya Bakulin wrote: > Hi all, > > actually with _my_ checksumming patch the rdr-to is broken completely :-( > So I'm waiting for Ermal to se

Re: [Bug 172648] [pf] [ip6]: 'scrub reassemble tcp' breaks IPv6 packet checksum on SYN ACK

2014-11-14 Thread Ilya Bakulin
Hi Ermal, unfortunately your inline patch seems to be broken, actually it is a patch for patch??? Please send a correct copy. On 2014-11-10 09:46, Ermal Luçi wrote: Give this patch inline a try: --- a/patches/releng/10.1/pf_reply-to.enahnce.diff +++ b/patches/releng/10.1/pf_reply-to.enahnce.

Re: Checksumming outgoing packets in PF vs in ip[6]_output

2014-11-14 Thread Ilya Bakulin
Hi all, actually with _my_ checksumming patch the rdr-to is broken completely :-( So I'm waiting for Ermal to send an updated version of his patch that may really solve the problem! On 2014-11-14 09:17, Ermal Luçi wrote: Yes confirmed it will solve that issue as well. On Thu, Nov 13, 2014 a

Re: Checksumming outgoing packets in PF vs in ip[6]_output

2014-11-14 Thread Ermal Luçi
Yes confirmed it will solve that issue as well. On Thu, Nov 13, 2014 at 9:30 PM, J David wrote: > On Wed, Nov 5, 2014 at 9:28 AM, Ilya Bakulin wrote: > > Of course it was interesting what does the upstream PF do (@ OpenBSD). > Seems > > they have made the decision to > > leave the task of recal