I've just seen that this has been fixed in 7.3, now I see that prune,
graft, graft-ack messages are not blocked by PF
Thanks a lot
Il giorno gio 16 mar 2023 alle ore 16:45 Luca Di Gregorio
ha scritto:
> Ok, thanks a lot for the info
>
> Il giorno gio 16 mar 2023 alle 16:40 Theo de Raadt
> ha s
Ok, thanks a lot for the info
Il giorno gio 16 mar 2023 alle 16:40 Theo de Raadt ha
scritto:
> Luca Di Gregorio wrote:
>
> > do you think that the correction proposed by Alexandr could be done with
> a
> > syspatch, or in the next release?
>
> It does not meet the treshold for becoming a syspat
Luca Di Gregorio wrote:
> do you think that the correction proposed by Alexandr could be done with a
> syspatch, or in the next release?
It does not meet the treshold for becoming a syspatch.
Hi,
do you think that the correction proposed by Alexandr could be done with a
syspatch, or in the next release?
Thanks, regards
Il giorno sab 4 mar 2023 alle ore 06:34 Luca Di Gregorio
ha scritto:
> Hi, my modest opinions:
>
> > Instead of implementing more and more details of RFC, we should
>
Hi, my modest opinions:
> Instead of implementing more and more details of RFC, we should
> discuss what the goal is.
I'd like to have multicast routing working properly.
Multicast routing with good network architecture allows people
to save tons of resources on hosts, as well as saving a lot of
On Sat, Mar 04, 2023 at 12:09:41AM +0100, Alexandr Nedvedicky wrote:
> 6847 /* IGMP packets have router alert options, allow them */
> 6848 if (pd->proto == IPPROTO_IGMP) {
> 6849 /*
> 6850 * According to RFC 1112 ttl must be set to 1 in all IGMP
> 6
Hello,
On Fri, Mar 03, 2023 at 09:14:38PM +0100, Alexander Bluhm wrote:
> On Fri, Mar 03, 2023 at 08:54:51AM +0100, Luca Di Gregorio wrote:
> > Hi, just another bit of info about this issue.
>
> Instead of implementing more and more details of RFC, we should
> discuss what the goal is.
>
> We had
On Fri, Mar 03, 2023 at 08:54:51AM +0100, Luca Di Gregorio wrote:
> Hi, just another bit of info about this issue.
Instead of implementing more and more details of RFC, we should
discuss what the goal is.
We had a pf that dropped valid IGMP packets due to router-alert
option. So I added code to
Hi, just another bit of info about this issue.
I've installed from github the newest version of mrouted on a Linux machine.
Just like the built-in OpenBSD's version of mrouted, this github version
sends DVMRP Prune messages
with IP Destination Address = Unicast Address of the adjacent router, and
Hello Matthieu,
On Tue, Feb 28, 2023 at 02:05:50PM +0100, Matthieu Herrb wrote:
> > --- a/sys/net/pf.c
> > +++ b/sys/net/pf.c
> > @@ -6846,8 +6846,12 @@ pf_walk_header(struct pf_pdesc *pd, struct ip *h,
> > u_short *reason)
> > pd->proto = h->ip_p;
> > /* IGMP packets have router alert
Hi Matthieu,
DVMRP messages are sent with IGMP protocol. Some Multicast Control messages
(Query, Report) have an IP Destination Address belonging to 224.0.0.0/4,
with TTL=1.
Other DVMRP multicast control messages (Prune, Graft, Graft-Ack) have an IP
Destination Address = Unicast Address of the adj
On Mon, Feb 27, 2023 at 12:04:54AM +0100, Alexandr Nedvedicky wrote:
> Hello,
>
>
> > > 8<---8<---8<--8<
> > > diff --git a/sys/net/pf.c b/sys/net/pf.c
> > > index 8cb1326a160..c328109026c 100644
> > > --- a/sys/net/pf.c
> > > +++ b/sys/net/
Hello,
> > 8<---8<---8<--8<
> > diff --git a/sys/net/pf.c b/sys/net/pf.c
> > index 8cb1326a160..c328109026c 100644
> > --- a/sys/net/pf.c
> > +++ b/sys/net/pf.c
> > @@ -6847,7 +6847,7 @@ pf_walk_header(struct pf_pdesc *pd, struct ip *h,
> >
On Sun, Feb 26, 2023 at 12:09:13AM +0100, Alexandr Nedvedicky wrote:
> Hello,
Hi,
one remark at the end.
I usually add explicit pass rules for multicast IPv6 traffic on my
boxes where IPv6 matters, because otherwise I've seen issues in the
past, but I don't have details anymore.
So I'm happy i
Hello,
the issue has been discovered and analyzed by Luca di Gregorio
on bugs@ [1]. The thread [1] covers all details. People who
wish to read brief summary can skip to Luca's email [2].
To wrap it up the current handling IGMP/MLD messages in pf(4)
is exact opposite. I failed to translate English
15 matches
Mail list logo
