On Wed, 11 Dec 2024 14:25:02 +0100 Ronald Klop <ron...@freebsd.org> wrote:
> On 09-12-2024 at 19:24, Juraj Lutter wrote:
> >
> >
> >> On 9 Dec 2024, at 19:19, FreeBSD User <free...@walstatt-de.de> wrote:
> >>
> >> On Tue, 10 Dec 2024 02:27:10 +0900
> >> Tomoaki AOKI <junch...@dec.sakura.ne.jp> wrote:
> >>
> >> My apology for top-posting.
> >>
> >> The host on which I first realised the problems is updated on an almost
> >> daily basis and the issue reported started last weekend.
> >>
> >> A possible candidate could be
> >>
> >> https://cgit.freebsd.org/src/commit/sys/netpfil/ipfw?id=0fc7bdc978366abb4351b0b76b50a5848cc5d982
> >>
> >> since the other, younger, seem innocent. I try to revert the patch
> >> mentioned and see ...
> >
> > Try to only revert the ip_fw_nat.c part at first.
> >
> > —
> > Juraj Lutter
> > o...@freebsd.org
> >
> >
> Hi,
>
> I did a bisect of commits and my finding is that commit 347dd053 on
> 2024-11-29 is the cause.
>
> "tcp: add TH_AE capabilities to ppp and pf"
> https://github.com/freebsd/freebsd-src/commit/347dd0539f3a75fdf2128dd4620ca99e96f311e9
>
> The commit before (0fc7bdc978) works fine.
>
> I cc'ed the author of the commit.
> (for context: start of the thread is here:
> https://lists.freebsd.org/archives/freebsd-current/2024-December/006778.html,
> it looks like the commit breaks a stateful ipfw firewall)
>
> Regards,
> Ronald.

Ah, I completely missed checking the sys/netpfil/ipfilter/netinet directory.
And I intentionally skipped checking sys/netpfil, as checking the log there
would pull in too much noise related only to pf.

And even if I had not missed sys/netpfil/ipfilter/netinet, I'm almost sure
I would have overlooked the commit, as the top of its commit log (shown in
https://cgit.freebsd.org/src/log/sys/netpfil/ipfilter/netinet) only
mentions ppp and pf.

-- 
Tomoaki AOKI <junch...@dec.sakura.ne.jp>