kernel/6416: pf 'pass from route "foo"' broken


Stuart Henderson-10
>Number:         6416
>Category:       kernel
>Synopsis:       pf 'pass from route "foo"' broken
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    bugs
>State:          open
>Quarter:        
>Keywords:      
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Tue Jun 29 21:50:02 GMT 2010
>Closed-Date:
>Last-Modified:
>Originator:    
>Release:        
>Organization:
>Environment:
        System      : OpenBSD 4.7
        Details     : OpenBSD 4.7 (GENERIC.MP) #437: Fri Mar  5 07:32:33 MST 2010
                         [hidden email]:/sys/arch/i386/compile/GENERIC.MP

        Architecture: OpenBSD.i386
        Machine     : i386
>Description:

Specifying route labels in PF rules doesn't work.

>How-To-Repeat:

# printf 'pass\n pass log from route "foo"\n pass log to route "bar"\n' | pfctl -vf -
pass all flags S/SA keep state
pass log from route "foo" to any flags S/SA keep state
pass log from any to route "bar" flags S/SA keep state

but the kernel doesn't act upon the labels, and retrieving the
ruleset results in junk:

# pfctl -sr | cat -v
pass all flags S/SA keep state
pass log from route "^C" to any flags S/SA keep state
pass log from any to route "^E" flags S/SA keep state

>Fix:

Fix not known. Problem was introduced in pf_pool removal
(2010/01/12 03:20:51).

Already discussed with various people; adding a PR to make sure
it doesn't get lost.


>Release-Note:
>Audit-Trail:
>Unformatted:
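
A round-trip check for the symptom reported above, as an added example that is not part of the original report or of OpenBSD: it compares the route labels in the rules as written with the labels in the ruleset read back through `pfctl -sr | cat -v`. The function and variable names are hypothetical; WRITTEN and READBACK are the two listings from the report.

```shell
#!/bin/sh
# Added example: verify that pf route labels survive a load/read-back cycle.

# Print every route label found in pf rule text on stdin, one per line.
route_labels() {
    grep -o 'route "[^"]*"' | sed -e 's/^route "//' -e 's/"$//'
}

# $1 = rules as written, $2 = rules read back (pfctl -sr | cat -v).
# Prints one line per label that came back changed.
# Returns 0 if all labels round-trip unchanged, 1 otherwise.
check_route_labels() {
    want=$(printf '%s\n' "$1" | route_labels)
    got=$(printf '%s\n' "$2" | route_labels)
    if [ "$want" = "$got" ]; then
        return 0
    fi
    i=0
    printf '%s\n' "$want" | while IFS= read -r w; do
        i=$((i + 1))
        # Pick the label at the same position in the read-back ruleset.
        g=$(printf '%s\n' "$got" | sed -n "${i}p")
        [ "$w" = "$g" ] ||
            printf 'label %d: wrote "%s", read back "%s"\n' "$i" "$w" "$g"
    done
    return 1
}

# Listing from the report: rules as accepted by `pfctl -vf -`.
WRITTEN='pass all flags S/SA keep state
pass log from route "foo" to any flags S/SA keep state
pass log from any to route "bar" flags S/SA keep state'

# Listing from the report: `pfctl -sr | cat -v` on the affected kernel.
READBACK='pass all flags S/SA keep state
pass log from route "^C" to any flags S/SA keep state
pass log from any to route "^E" flags S/SA keep state'

if check_route_labels "$WRITTEN" "$READBACK"; then
    echo "route labels intact"
else
    echo "route labels corrupted: rules using them cannot be trusted to match"
fi
```

On a live system, pass the contents of the rules file as the first argument and the output of `pfctl -sr | cat -v` as the second.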