Page MenuHomeFreeBSD
Differential D30092

pf: Support killing 'matching' states
ClosedPublic
Actions

Authored by kp on May 3 2021, 2:51 PM.
Tags
None
Referenced Files
F84681820: D30092.diff
Mon, May 27, 2:05 AM
Unknown Object (File)
Sun, May 19, 12:46 AM
Unknown Object (File)
Wed, May 8, 11:43 AM
Unknown Object (File)
Fri, May 3, 8:53 PM
Unknown Object (File)
Wed, May 1, 8:19 PM
Unknown Object (File)
Tue, Apr 30, 7:07 PM
Unknown Object (File)
Apr 23 2024, 2:23 AM
Unknown Object (File)
Apr 18 2024, 9:06 AM
View All 55 Files
Subscribers
ae
bcr
farrokhi
imp
melifaro

Details

Reviewers
None
Group Reviewers
network
manpages
Commits
rG8c610ccac621: pf: Support killing 'matching' states
rG21449c5c1eee: pf: Support killing 'matching' states
rG93abcf17e6cf: pf: Support killing 'matching' states
Summary

Optionally also kill states that match (i.e. are the NATed state or
opposite direction state entry for) the state we're killing.

See also https://redmine.pfsense.org/issues/8555

Submitted by: Steven Brown
Obtained from: https://github.com/pfsense/FreeBSD-src/pull/11/
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.May 3 2021, 2:51 PM
Herald added a reviewer: manpages. · View Herald TranscriptMay 3 2021, 2:51 PM
Herald added subscribers: melifaro, farrokhi, ae, imp. · View Herald Transcript
kp requested review of this revision.May 3 2021, 2:51 PM
Harbormaster completed remote builds in B38982: Diff 88540.May 3 2021, 2:51 PM
kp added a child revision: D30093: pf tests: Test killing matching states.May 3 2021, 2:51 PM
kp added a parent revision: D30059: pf tests: Test killing states by gateway.May 3 2021, 2:52 PM
bcr added a subscriber: bcr.May 3 2021, 3:10 PM

Minor man page nit.

sbin/pfctl/pfctl.8
340

Line break after the sentence stop needed here.

kp updated this revision to Diff 88545.May 3 2021, 3:32 PM

Man page nit

Harbormaster completed remote builds in B38984: Diff 88545.May 3 2021, 3:32 PM
bcr accepted this revision as: manpages.May 3 2021, 8:00 PM

Manpage looks good now.
I guess upstream will incorporate it, too.

kp added a comment.May 4 2021, 12:07 PM
In D30092#675436, @bcr wrote:

I guess upstream will incorporate it, too.

We are upstream. The patch was originally submitted against pfsense, but we're the pfsense upstream, so they'll get it as part of their usual sync operations.

bcr added a comment.May 4 2021, 12:12 PM

Right, I thought it was the other way around, but this makes more sense. :-)

This revision was not accepted when it landed; it landed in state Needs Review.May 7 2021, 8:15 PM
Closed by commit rG93abcf17e6cf: pf: Support killing 'matching' states (authored by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rG93abcf17e6cf: pf: Support killing 'matching' states.
kp added a commit: rG21449c5c1eee: pf: Support killing 'matching' states.May 14 2021, 1:07 PM
kp added a commit: rG8c610ccac621: pf: Support killing 'matching' states.

Revision Contents
Changeset List

PathSize
lib/
libpfctl/
1 line
1 line
sbin/
pfctl/
13 lines
23 lines
1 line
sys/
net/
1 line
netpfil/
pf/
108 lines

Diff 88872

View Options

lib/libpfctl/libpfctl.h

Loading...
View Options

lib/libpfctl/libpfctl.c

Loading...
View Options

sbin/pfctl/pfctl.8

Loading...
View Options

sbin/pfctl/pfctl.c

Loading...
View Options

sbin/pfctl/pfctl_parser.h

Loading...
View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf_ioctl.c

Loading...