Re: Updating PF to OpenBSD Release 4,1
Jan Lentfer schrieb:
> I have made some progress on the PF work. pf.ko can be loaded and unloaded
> (now even w/o panic, thanks to Aggelos) and I have updated pfctl to the
> version that comes with OpenBSD 4.1. So you can enable PF, load rules and
> view then and so on. All that works.
> What doesn't work at all at the moment is the actual filtering. Packets
> seem to pass through pf (evaluations counter is increased) but pf_test_tcp
> seems to always return PF_PASS. I have added a panic("debug") where I think
> the investigation should start. Aggelos has helped me a lot on this also
> but since I will be away for 2 weeks I would like to make my current status
> public. So anyone willing to look into it could do so. I might find the
> time to work a little bit on it until friday. I will keep you informed if I
> change anything on the tree before I leave.
>
> http://gitweb.dragonflybsd.org/~lentferj/dragonfly.git/shortlog/refs/heads/pf_update
I have made another major progress on this (again 2 thumbs up for
Aggelos for helping). I tested filtering (block and pass rules), nat and
port forwarding (rdr rules). All of that seems to work fine in my tests.
I have only tested the single features, not in combination, though.
What I have not tested at all until now it ALTQ and DF's fairq extension.
Also state keeping is working (and is now default, not due to my
decision but it became default in OBSD 4.1 afaict). So this is ready now
for "public" testing. I would appreciate very much if people with some
sophisticated setup or in-depth pf knowledge could test and give some
feedback.
Be aware that this still pukes out tons of debugging info (propably not
useful to anyone but me) on the sys console. I will remove those step by
step now.
Finally also be aware that my branch is still based on master from May
or so. I haven't rebased it yet. Will do that some time soon.
http://gitweb.dragonflybsd.org/~lentferj/dragonfly.git/shortlog/refs/heads/pf_update
Jan
討論串 (同標題文章)
完整討論串 (本文為第 10 之 14 篇):