Hello,
On Tue, Apr 02, 2019 at 12:59:33PM +0200, Petr Hoffmann wrote:
> On 02.04.2019 12:06, Klemens Nanni wrote:
> >On Tue, Apr 02, 2019 at 11:28:43AM +0200, Petr Hoffmann wrote:
> >>would make me believe everything mentioned as OPTIONS in pf.conf(5) is about
> >>to be reset. I see e.g. the debug level is reset, but what about the other
> >>stuff like fingerprints, 'skip on' and other options set via the 'set'
> >>command? Maybe the manpage should be more precise here?
> >Seems fine to me, given that a) some options are not persisted in the
> >driver but only effective during ruleset parsing and b) stuff like
> >fingerprints is already flushed separately, see pfctl(8) `-F osfp'.
> For me, forcing the user to think what is meant by 'options' is not
> very friendly, though I understand the idea behind *some* options
> being used only while parsing. Let's assume I'm the smart user who
> is able to distinguish them. But then, 'set skip on' is the
> persistent one, right, but still not reset, I guess.
>
I think Petr is right here. My patch requires yet another finishing touch:
--------8<---------------8<---------------8<------------------8<--------
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 40929d90530..032fdd08b57 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -2267,6 +2267,8 @@ pfctl_reset(int dev, int opts)
if (pfctl_trans(dev, &t, DIOCXCOMMIT, 0))
warn("%s, DIOCXCOMMIT", __func__);
+
+ pfctl_clear_interface_flags(dev, opts);
}
int
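Review bot: the added pfctl_clear_interface_flags(dev, opts) call at the end of pfctl_reset() runs unconditionally, including when the DIOCXCOMMIT just above it failed and only a warn() was issued, and it sits outside the committed transaction. If the reset is meant to be all-or-nothing, consider returning after the warn() on commit failure, or add a short comment saying the interface flags are cleared separately on purpose. Since the thread is about what 'options' covers, the pfctl(8) text could also state that the reset clears the 'set skip on' interface flags.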
@@ -2594,7 +2596,6 @@ main(int argc, char *argv[])
pfctl_clear_src_nodes(dev, opts);
pfctl_clear_stats(dev, ifaceopt, opts);
pfctl_clear_fingerprints(dev, opts);
- pfctl_clear_interface_flags(dev, opts);
pfctl_reset(dev, opts);
}
break;
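Review bot: with the explicit call dropped from this block in main(), clearing the interface flags on this path depends entirely on pfctl_reset(), and the order changes: the flags used to be cleared before pfctl_reset() and are now cleared at its end, after the commit. Worth confirming nothing relies on the old order, and a one-line comment at the pfctl_reset(dev, opts) call noting that it also clears interface flags would keep the call from being re-added here later.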
--------8<---------------8<---------------8<------------------8<--------
I'll walk through my change one more time to check if there are similar
oversights.
thanks and
regards
sasha