Page MenuHomeFreeBSD
Differential D30092

pf: Support killing 'matching' states
ClosedPublic
Actions

Authored by kp on May 3 2021, 2:51 PM.
Tags
None
Referenced Files
F142576460: D30092.id88872.diff
Wed, Jan 21, 4:58 AM
Unknown Object (File)
Sat, Jan 17, 9:32 PM
Unknown Object (File)
Thu, Jan 15, 5:52 AM
Unknown Object (File)
Wed, Jan 14, 4:12 PM
Unknown Object (File)
Tue, Jan 13, 3:44 AM
Unknown Object (File)
Fri, Dec 26, 11:10 AM
Unknown Object (File)
Dec 18 2025, 4:05 PM
Unknown Object (File)
Dec 17 2025, 12:54 PM
View All Files
Subscribers
ae
bcr
farrokhi
imp
melifaro

Details

Reviewers
None
Group Reviewers
network
manpages
Commits
rG8c610ccac621: pf: Support killing 'matching' states
rG21449c5c1eee: pf: Support killing 'matching' states
rG93abcf17e6cf: pf: Support killing 'matching' states
Summary

Optionally also kill states that match (i.e. are the NATed state or
opposite direction state entry for) the state we're killing.

See also https://redmine.pfsense.org/issues/8555

Submitted by: Steven Brown
Obtained from: https://github.com/pfsense/FreeBSD-src/pull/11/
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.May 3 2021, 2:51 PM
Herald added a reviewer: manpages. · View Herald TranscriptMay 3 2021, 2:51 PM
Herald added subscribers: melifaro, farrokhi, ae, imp. · View Herald Transcript
kp requested review of this revision.May 3 2021, 2:51 PM
Harbormaster completed remote builds in B38982: Diff 88540.May 3 2021, 2:51 PM
kp added a child revision: D30093: pf tests: Test killing matching states.May 3 2021, 2:51 PM
kp added a parent revision: D30059: pf tests: Test killing states by gateway.May 3 2021, 2:52 PM
bcr added a subscriber: bcr.May 3 2021, 3:10 PM

Minor man page nit.

sbin/pfctl/pfctl.8
340

Line break after the sentence stop needed here.

kp updated this revision to Diff 88545.May 3 2021, 3:32 PM

Man page nit

Harbormaster completed remote builds in B38984: Diff 88545.May 3 2021, 3:32 PM
bcr accepted this revision as: manpages.May 3 2021, 8:00 PM

Manpage looks good now.
I guess upstream will incorporate it, too.

kp added a comment.May 4 2021, 12:07 PM
In D30092#675436, @bcr wrote:

I guess upstream will incorporate it, too.

We are upstream. The patch was originally submitted against pfsense, but we're the pfsense upstream, so they'll get it as part of their usual sync operations.

bcr added a comment.May 4 2021, 12:12 PM

Right, I thought it was the other way around, but this makes more sense. :-)

This revision was not accepted when it landed; it landed in state Needs Review.May 7 2021, 8:15 PM
Closed by commit rG93abcf17e6cf: pf: Support killing 'matching' states (authored by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rG93abcf17e6cf: pf: Support killing 'matching' states.
kp added a commit: rG21449c5c1eee: pf: Support killing 'matching' states.May 14 2021, 1:07 PM
kp added a commit: rG8c610ccac621: pf: Support killing 'matching' states.

Revision Contents
Changeset List

PathSize
lib/
libpfctl/
1 line
1 line
sbin/
pfctl/
13 lines
23 lines
1 line
sys/
net/
1 line
netpfil/
pf/
108 lines

Diff 88872

View Options

lib/libpfctl/libpfctl.h

Loading...
View Options

lib/libpfctl/libpfctl.c

Loading...
View Options

sbin/pfctl/pfctl.8

Loading...
View Options

sbin/pfctl/pfctl.c

Loading...
View Options

sbin/pfctl/pfctl_parser.h

Loading...
View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf_ioctl.c

Loading...