On 2012/03/06 10:20, Gabriel Linder wrote: > On 03/05/12 21:10, Erik Lax wrote: > >On 3/2/12 5:09 PM, Gabriel Linder wrote: > >>Since 5.0 rules injected by relayd includes "on rdomain 0" and > >>"prio 0", I guess that's not intended ? > >I think you're right. And if so, the same problem seem to exist for > >the ftp-proxy (filter.c) as well. I guess this is what happens when > >default values aren't compatible with bzero :) > > Indeed :) Anything messing with anchors is probably concerned. > > I just saw that my MUA scrambled my previous diff by replacing tabs > by spaces, here is a proper version > http://dargor.servebeer.com/~dargor/openbsd/relayd/pfe_filter.c.diff >
Seems OK to me but somebody who uses multiple rtables needs to check it (and also for ftp-proxy where a similar diff is needed and it has some multiple rtable support already). Here it is for tftp-proxy which is single rtable. OK? Index: filter.c =================================================================== RCS file: /cvs/src/libexec/tftp-proxy/filter.c,v retrieving revision 1.10 diff -u -p -r1.10 filter.c --- filter.c 22 Jun 2011 08:40:14 -0000 1.10 +++ filter.c 6 Mar 2012 09:55:29 -0000 @@ -214,6 +214,9 @@ prepare_rule(u_int32_t id, struct sockad } pfr.rule.dst.port_op = PF_OP_EQ; pfr.rule.dst.port[0] = htons(d_port); + pfr.rule.rtableid = -1; + pfr.rule.onrdomain = -1; + pfr.rule.prio[0] = pfr.rule.prio[1] = PF_PRIO_NOTSET; pfr.rule.action = PF_PASS; pfr.rule.quick = 1; pfr.rule.log = rule_log;