On 1.9.2017. 22:57, Alexandr Nedvedicky wrote:
> as you can see the kernel sets ruleset.anchor to NULL (see pfattach() and then
> do also a 'grep -n kludge pf_ioctl.c'), while userland links it to
> pf_main_anchor.
>
> I remember changing 'parent != NULL' to 'parent != &pf_main_anchor' in
> pf_create_anchor() just to make regression tests pass. Fortunately you did
> run my code in kernel. With the change above my patch works for kernel as well as
> for regression tests.
>
> updated patch is attached.
>
> thanks and
> regards
> sasha

Hi,

with this patch I can't trigger a panic, with or without WITH_PF_LOCK, if that matters for some reason.

pf conf:

# pfctl -nvf pf.conf
set skip on { lo em0 }
set limit states 1000000
block drop all
anchor "test1" on ix3 all {
  pass all flags S/SA
  anchor "test11" all {
    pass all flags S/SA
  }
}
anchor "test2" on ix2 all {
  pass all flags S/SA
  anchor "test21" all {
    pass all flags S/SA
  }
}

thank you sasha for the great work on MP pf :)