Hello,
On Wed, Sep 30, 2020 at 11:02:28PM +0200, Klemens Nanni wrote:
> On Sun, Sep 20, 2020 at 07:29:38PM +0200, Klemens Nanni wrote:
> > Rebased diff after yasuoka's pfctl commit; it still takes care of
> > rdomains only, but I'd appreciate folks using `on rdomain' in their
> > pf.conf test thi
On Sun, Sep 20, 2020 at 07:29:38PM +0200, Klemens Nanni wrote:
> Rebased diff after yasuoka's pfctl commit; it still takes care of
> rdomains only, but I'd appreciate folks using `on rdomain' in their
> pf.conf test this. If this works out I'd like to put it in shortly
> after release and work on
On Tue, Sep 15, 2020 at 02:31:24AM +0200, Klemens Nanni wrote:
> On Tue, Sep 15, 2020 at 12:30:35AM +0200, Klemens Nanni wrote:
> > Actually, that should just work regardless of whether the routing
> > domain exists at ruleset creation time; just like it is the case with
> > interface names/group
the condition was reversed.
ok?
Index: parse.y
===
RCS file: /cvs/src/sbin/pfctl/parse.y,v
retrieving revision 1.702
diff -u -p -r1.702 parse.y
--- parse.y 17 Sep 2020 10:09:43 - 1.702
+++ parse.y 17 Sep 2020 14:23:42
Hi,
I just committed yours.
Thanks,
On Wed, 16 Sep 2020 16:07:40 +0200
Klemens Nanni wrote:
> On Wed, Sep 16, 2020 at 07:49:19PM +0900, YASUOKA Masahiko wrote:
>> New diff is using -1 for ENOENT.
>>
>> Also domainid == 0 is a valid domain id, but previous diff cannot make
>> a cache of it sinc
On Wed, Sep 16, 2020 at 07:49:19PM +0900, YASUOKA Masahiko wrote:
> New diff is using -1 for ENOENT.
>
> Also domainid == 0 is a valid domain id, but previous diff cannot make
> a cache of it since 0 is the default value. So new diff is doing
>
> - static u_int found[RT_TABLEID_M
Hi,
On Wed, 16 Sep 2020 12:04:55 +0200
Klemens Nanni wrote:
> Using the function verb would read a bit clearer/more intuitive,
> i.e.
Yes, "if (!rtable_exists($2))" seems better.
>> @@ -5887,17 +5897,37 @@ rdomain_exists(u_int rdomain)
>>
>> len = sizeof(info);
>> if (sysctl(mib, 6
On Wed, Sep 16, 2020 at 06:22:00PM +0900, YASUOKA Masahiko wrote:
> Let me continue this separately.
Yes, let's get your diff in for release and then work out the other
approach.
> Make pfctl check if the rtable really exists when parsing the config.
The diff is a bit hard to read (nothing you can
Hi,
So, it seems we need to more code and test for pf(4) part.
Let me continue this separately.
On Mon, 14 Sep 2020 11:07:53 +0200
Klemens Nanni wrote:
> On Mon, Sep 14, 2020 at 02:09:27PM +0900, YASUOKA Masahiko wrote:
>> Make pfctl check if the rtable really exists when parsing the config.
>
On Tue, Sep 15, 2020 at 12:42:27PM +0900, YASUOKA Masahiko wrote:
> It's not clear for me why non-existing rdomain is accepted but
> non-existing rtable is rejected. I suppose we can make pf(4)
> handle a packet for the non-existing routing table as if the routing
> table is empty.
Probably po
Hi,
On Tue, 15 Sep 2020 02:31:24 +0200
Klemens Nanni wrote:
> On Tue, Sep 15, 2020 at 12:30:35AM +0200, Klemens Nanni wrote:
>> Actually, that should just work regardless of whether the routing
>> domain exists at ruleset creation time; just like it is the case with
>> interface names/groups wh
On Tue, Sep 15, 2020 at 12:30:35AM +0200, Klemens Nanni wrote:
> Actually, that should just work regardless of whether the routing
> domain exists at ruleset creation time; just like it is the case with
> interface names/groups which may come and go at runtime without
> requiring changes to the r
On Mon, Sep 14, 2020 at 02:09:27PM +0900, YASUOKA Masahiko wrote:
> When pf rule with a "on rdomain n" with nonexisting rdomain n causes
>
> /etc/pf.conf:XXX: rdomain n does not exist
Actually, that should just work regardless of whether the routing
domain exists at ruleset creation time; just
On Mon, Sep 14, 2020 at 02:09:27PM +0900, YASUOKA Masahiko wrote:
> Make pfctl check if the rtable really exists when parsing the config.
I concur, but you can do this with less (duplicated) code.
Instead of copying rdomain_exists() into rtable_exists() with the
`rti_domainid' check omitted, tweak
Hi,
When pf rule with a "on rdomain n" with nonexisting rdomain n causes
/etc/pf.conf:XXX: rdomain n does not exist
error. But with a "rtable n" with nonexisting rtable n will cause
pfctl: DIOCADDRULE: Device busy
error. It is hard to find the cause by this error message.
/etc/pf.conf