Re: PF and IPv6 UDP fragmented packets
Hi,

can I get an explanation/argument as to why, and what implications it has when I don't enable it?

Cheers,
--
László Károlyi
http://linkedin.com/in/karolyi

On 2019-08-31 23:10, Kristof Provost wrote:
> On 2019-08-31 22:42:59 (+0200), László Károlyi wrote:
>> Hey,
>>
>> I've installed unbound into a jail to use it as a nameserver. After
>> setting up PF to allow UDP fragments to the jail's IPv6 address, I still
>> saw PF dropping the UDP fragment packages arriving to and from my jail.
>> According to the pf.conf readme, the IP header of the fragmented packets
>> still contain the protocol type (TCP/UDP), but not the port number. I
>> hope it's not a documentation bug.
>>
> You really, really want to have pf reassemble packets prior to
> filtering.
> Use 'scrub all fragment reassemble'.
>
> Regards,
> Kristof
[Bug 240247] Correct HISTORY section of null(4) manual page
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240247

Bug ID: 240247
Summary: Correct HISTORY section of null(4) manual page
Product: Documentation
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Manual Pages
Assignee: b...@freebsd.org
Reporter: gbergl...@gmail.com
CC: d...@freebsd.org

Created attachment 207061
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=207061&action=edit
Patch for null(4) man page

/dev/null has its origin in AT&T v4 and not in v7.

Obtained from OpenBSD

facts researched from:
https://minnie.tuhs.org/cgi-bin/utree.pl?file=V4/man/man1/sh.1
https://minnie.tuhs.org/cgi-bin/utree.pl?file=V4/nsys/ken/mem.c
https://minnie.tuhs.org/cgi-bin/utree.pl?file=V5/usr/sys/dmr/mem.c
https://minnie.tuhs.org/cgi-bin/utree.pl?file=V6/usr/man/man4/mem.4

--
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
[Bug 240248] Correct HISTORY section of null(4) manual page
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240248

Bug ID: 240248
Summary: Correct HISTORY section of null(4) manual page
Product: Documentation
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Manual Pages
Assignee: b...@freebsd.org
Reporter: gbergl...@gmail.com
CC: d...@freebsd.org

/dev/null has its origin in AT&T v4 and not in v7.

Obtained from OpenBSD

facts researched from:
https://minnie.tuhs.org/cgi-bin/utree.pl?file=V4/man/man1/sh.1
https://minnie.tuhs.org/cgi-bin/utree.pl?file=V4/nsys/ken/mem.c
https://minnie.tuhs.org/cgi-bin/utree.pl?file=V5/usr/sys/dmr/mem.c
https://minnie.tuhs.org/cgi-bin/utree.pl?file=V6/usr/man/man4/mem.4
[Bug 240248] Correct HISTORY section of null(4) manual page
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240248

--- Comment #1 from Gordon Bergling ---
Created attachment 207062
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=207062&action=edit
Patch for null(4) man page
[Bug 240248] Correct HISTORY section of null(4) manual page
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240248

Gordon Bergling changed:

What     |Removed |Added
Keywords |        |patch
[Bug 240248] Correct HISTORY section of null(4) manual page
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240248

--- Comment #2 from Mark Linimon ---
*** Bug 240247 has been marked as a duplicate of this bug. ***
[Bug 240247] Correct HISTORY section of null(4) manual page
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240247

Mark Linimon changed:

What       |Removed |Added
Status     |New     |Closed
Resolution |---     |DUPLICATE

--- Comment #1 from Mark Linimon ---
*** This bug has been marked as a duplicate of bug 240248 ***
[Bug 240250] Add STANDARDS Section to gre(4) manual page
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240250

Bug ID: 240250
Summary: Add STANDARDS Section to gre(4) manual page
Product: Documentation
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Manual Pages
Assignee: b...@freebsd.org
Reporter: gbergl...@gmail.com
CC: d...@freebsd.org

Created attachment 207066
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=207066&action=edit
patch for standards section in gre(4)

Add STANDARDS section to the gre(4) manual page.

Obtained from OpenBSD
[Bug 240250] Add STANDARDS Section to gre(4) manual page
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240250

Gordon Bergling changed:

What     |Removed |Added
Keywords |        |patch
[Bug 240248] Correct HISTORY section of null(4) manual page
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240248

Yuri Pankov changed:

What |Removed |Added
CC   |        |se...@freebsd.org, yur...@freebsd.org

--- Comment #3 from Yuri Pankov ---
This seems to be already fixed in base r351631.
[Bug 240248] Correct HISTORY section of null(4) manual page
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240248

Sevan Janiyan changed:

What       |Removed |Added
Resolution |---     |Not Accepted
Status     |New     |Closed

--- Comment #4 from Sevan Janiyan ---
(In reply to Yuri Pankov from comment #3)
Indeed. Gordon, thanks for the patch anyway.
Re: PF and IPv6 UDP fragmented packets
On 1 Sep 2019, at 2:31, László Károlyi wrote:
> On 2019-08-31 23:10, Kristof Provost wrote:
>> On 2019-08-31 22:42:59 (+0200), László Károlyi wrote:
>>> Hey,
>>>
>>> I've installed unbound into a jail to use it as a nameserver. After
>>> setting up PF to allow UDP fragments to the jail's IPv6 address, I still
>>> saw PF dropping the UDP fragment packages arriving to and from my jail.
>>> According to the pf.conf readme, the IP header of the fragmented packets
>>> still contain the protocol type (TCP/UDP), but not the port number. I
>>> hope it's not a documentation bug.
>>>
>> You really, really want to have pf reassemble packets prior to
>> filtering.
>> Use 'scrub all fragment reassemble'.
>
> can I get an explanation/argument as to why, and what implications it
> has when I don't enable it?

From man pf.conf:

    fragment reassemble
        Using scrub rules, fragments can be reassembled by normalization.
        In this case, fragments are buffered until they form a complete
        packet, and only the completed packet is passed on to the filter.
        The advantage is that filter rules have to deal only with complete
        packets, and can ignore fragments. The drawback of caching
        fragments is the additional memory cost.

Basically that means that pf gets to look at the complete packet, and it can make decisions about the complete packet as well. So rather than choosing between dropping all fragments or allowing **all** UDP/TCP traffic (because attackers can just fragment to hide the port numbers) you get to enforce your policies.

Regards,
Kristof
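An added illustration of the point made in the thread above (not part of either message, and not pf's own code): what a port-based filter can read from each IPv6 fragment of one UDP datagram, and what it can read once the fragments are buffered and reassembled. The addresses, ports, fragment ID and payload are constructed sample values, and the UDP checksum is left at zero for brevity.

```python
import struct

IPPROTO_UDP, IPPROTO_FRAGMENT = 17, 44

def ipv6_fragment(offset, more, ident, chunk):
    """Build an IPv6 packet whose Fragment header announces UDP as next header."""
    frag = struct.pack("!BBHI", IPPROTO_UDP, 0, (offset // 8) << 3 | int(more), ident)
    src = bytes.fromhex("20010db8000000000000000000000001")  # constructed addresses
    dst = bytes.fromhex("20010db8000000000000000000000053")
    fixed = struct.pack("!IHBB", 6 << 28, len(frag) + len(chunk), IPPROTO_FRAGMENT, 64)
    return fixed + src + dst + frag + chunk

def filter_view(packet):
    """What a filter can read from one packet when it does not reassemble."""
    proto, payload = packet[6], packet[40:]
    offset, more, ident = 0, False, None
    if proto == IPPROTO_FRAGMENT:
        proto, _, off_flags, ident = struct.unpack("!BBHI", payload[:8])
        offset, more, payload = (off_flags >> 3) * 8, bool(off_flags & 1), payload[8:]
    ports = None
    if proto == IPPROTO_UDP and offset == 0 and len(payload) >= 8:
        ports = struct.unpack("!HH", payload[:4])  # only the first fragment has them
    return {"proto": proto, "offset": offset, "more": more,
            "id": ident, "ports": ports, "data": payload}

def reassemble(packets):
    """Return the complete datagram's protocol and ports, or None while incomplete."""
    parts = sorted((filter_view(p) for p in packets), key=lambda f: f["offset"])
    if not parts or parts[-1]["more"] or len({f["id"] for f in parts}) != 1:
        return None
    buf = b""
    for f in parts:
        if f["offset"] != len(buf):  # hole or overlap: datagram is not complete
            return None
        buf += f["data"]
    if len(buf) < 8:
        return None
    sport, dport, length, _checksum = struct.unpack("!HHHH", buf[:8])
    return {"proto": parts[0]["proto"], "ports": (sport, dport), "length": length}

def make_sample():
    """Constructed 1808-byte UDP datagram (port 53 -> 40000) split into two fragments."""
    udp = struct.pack("!HHHH", 53, 40000, 8 + 1800, 0) + b"\x00" * 1800
    return [ipv6_fragment(0, True, 0x1234, udp[:1232]),
            ipv6_fragment(1232, False, 0x1234, udp[1232:])]

SAMPLE_FRAGMENTS = make_sample()

if __name__ == "__main__":
    for pkt in SAMPLE_FRAGMENTS:
        view = filter_view(pkt)
        print("fragment offset", view["offset"], "proto", view["proto"], "ports", view["ports"])
    print("reassembled:", reassemble(SAMPLE_FRAGMENTS))
```

The second fragment still identifies itself as UDP but carries no port numbers, so a per-fragment rule can only match it on protocol and addresses; after reassembly the port rule applies to the whole datagram.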
[Bug 240252] Add smbios(4) manual page
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240252

Bug ID: 240252
Summary: Add smbios(4) manual page
Product: Documentation
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Manual Pages
Assignee: b...@freebsd.org
Reporter: gbergl...@gmail.com
CC: d...@freebsd.org

Created attachment 207069
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=207069&action=edit
smbios(4) manpage

The attached patch includes a basic manual page for smbios(4).
[Bug 240252] Add smbios(4) manual page
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240252

Gordon Bergling changed:

What     |Removed         |Added
Keywords |                |patch
Severity |Affects Only Me |Affects Some People
Problem reports for b...@freebsd.org that need special attention
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases.

Status      | Bug Id | Description
------------+--------+---------------------------------------------------
In Progress | 221973 | cam iosched: BIO_ZONE commands probably shouldn't
In Progress | 221974 | cam iosched: The iops limiter should enforce limi
New         | 197876 | [devfs] an error in devfs leads to data loss and
New         | 198797 | [PATCH] Added an option to install BSDstats to bs
New         | 202362 | ntp: restore refclocks selection (10.2-RELEASE re
New         | 202740 | vi/ex string substitution problem when there is m
New         | 204097 | witness_initialize() does not perform bound check
New         | 206336 | [patch] usr.sbin/freebsd-update allow proxy confi
New         | 209213 | UEFI Loader shows only black screen with Nvidia G
New         | 210804 | installerconfig - using ZFS create in custom scri
New         | 223470 | freebsd-update: Cannot identify running kernel (/
New         | 224436 | vt: CONS_CLRHIST (vidcontrol -C) not implemented
New         | 230620 | "install -d" issue
New         | 235085 | [PATCH] Option to make rc.d/sysctl more verbose (
Open        |  71667 | [patch] cleanup of the usr.sbin/bootparamd code
Open        | 182466 | [headers] [patch] make self-contained
Open        | 183618 | [panic] Dell PowerEdge R620 -- PERC H710 Mini (mf
Open        | 187015 | agpgart: Panic make_dev_credv: bad si_name (error
Open        | 194925 | [pf] [ifconfig] interface group keywords do not w
Open        | 197921 | scheduler: Allow non-migratable threads to bind t
Open        | 206528 | Emulex LPe 16002 FC HBA Not Recognized by oce(4)
Open        | 207248 | [patch] daemon(8): Add option to redirect stdout
Open        | 207940 | stand/efi/boot1: Add boot partition selection
Open        | 211713 | NVME controller failure: resetting (Samsung SM961
Open        | 212608 | sockstat(1) and lsof(8) can not identity the owne
Open        | 220246 | syslogd does not send RFC3164-conformant messages
Open        | 221305 | Mouse cursor loss when moving cursor while loadin
Open        | 221550 | kern.bootfile returns only /kernel on mips64 (ERL
Open        | 221854 | makefs: Reject UFS labels that are too long to fi
Open        | 222632 | connect(2) not available in capability mode
Open        | 229616 | bin/dd: add conv=fsync, handle errors in close(2)
Open        | 231810 | [build] release always fails with "mkimg: partiti
Open        | 233578 | Unprivileged local user can prevent other users l
Open        | 233988 | [patch] freebsd-update: improve progress output o
Open        | 236718 | system panics with message: vm_fault_hold: fault
Open        | 237271 | Radeon video card no longer works on 12-STABLE (a
Open        | 237287 | moused(8) ignores button release events in virtua
Open        | 237924 | Possible infinite loop in function empty_aux_buff
Open        | 237981 | cxgb(4): Driver doesn't work with latest (7.12) C
Open        | 238183 | cam/scsi/scsi_sa.c: warnings issued by static ana
Open        | 238486 | Possible buffer overflow bug in sc_allocate_keybo
Open        | 238638 | mfi: Remove unnecessary pointer printing in mfi.c
Open        | 238837 | init: Remove P_SYSTEM flag from PID 1 to allow ea
Open        | 239552 | Quotas on NFS shares broken (return: none) on 11.
Open        | 239976 | Integer Overflow: ping(8) option "-s", bypass the
Open        | 239977 | Integer Overflow: ping(8) option "-G" and "-g", b
Open        | 239978 | Integer Overflow: ping(8) option "-h", bypass the
New         | 230955 | [patch] Some speedup mergemaster

48 problems total for which you should take action.
[Bug 240257] crea(2) man page: Correct History Section
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240257

Gordon Bergling changed:

What     |Removed         |Added
Severity |Affects Only Me |Affects Some People
Keywords |                |patch
[Bug 240257] crea(2) man page: Correct History Section
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240257

Bug ID: 240257
Summary: crea(2) man page: Correct History Section
Product: Documentation
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Manual Pages
Assignee: b...@freebsd.org
Reporter: gbergl...@gmail.com
CC: d...@freebsd.org

Created attachment 207078
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=207078&action=edit
crea(2) patch

Correct the HISTORY section in the area(2) man page.
[Bug 240258] exec(3) man page: Add HISTORY section
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240258

Bug ID: 240258
Summary: exec(3) man page: Add HISTORY section
Product: Documentation
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Manual Pages
Assignee: b...@freebsd.org
Reporter: gbergl...@gmail.com
CC: d...@freebsd.org

Created attachment 207079
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=207079&action=edit
exec(3) man page patch

Add a HISTORY section to the exec(3) man page.
[Bug 240258] exec(3) man page: Add HISTORY section
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240258

Gordon Bergling changed:

What     |Removed |Added
Keywords |        |patch
[Bug 240259] exit(3) man page: Add HISTORY section
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240259

Gordon Bergling changed:

What     |Removed |Added
Keywords |        |patch
[Bug 240259] exit(3) man page: Add HISTORY section
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240259

Bug ID: 240259
Summary: exit(3) man page: Add HISTORY section
Product: Documentation
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Manual Pages
Assignee: b...@freebsd.org
Reporter: gbergl...@gmail.com
CC: d...@freebsd.org

Created attachment 207080
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=207080&action=edit
exit(3) man page patch

Add a HISTORY section to the exit(3) man page.
[Bug 240260] passwd(5) man page: correct HISTORY section
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240260

Bug ID: 240260
Summary: passwd(5) man page: correct HISTORY section
Product: Documentation
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Manual Pages
Assignee: b...@freebsd.org
Reporter: gbergl...@gmail.com
CC: d...@freebsd.org

Created attachment 207081
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=207081&action=edit
passwd(5) man page patch

The HISTORY section of passwd(5) is incorrect. The attached patch addresses this.
[Bug 240260] passwd(5) man page: correct HISTORY section
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240260

Gordon Bergling changed:

What     |Removed |Added
Keywords |        |patch
[Bug 234625] iMac early 2008 garbled screen during install from USB stick
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234625

Jason W. Bacon changed:

What       |Removed |Added
Resolution |---     |Overcome By Events
Status     |New     |Closed

--- Comment #3 from Jason W. Bacon ---
The workaround I provided here is adequate for this vintage hardware.
[Bug 228786] automount interferes with suspend
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228786

Jason W. Bacon changed:

What       |Removed |Added
Resolution |---     |Overcome By Events
Status     |Open    |Closed

--- Comment #8 from Jason W. Bacon ---
No longer seeing this issue with current releases.
[Bug 231828] em(4) is unusable after suspend/resume
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231828

--- Comment #14 from Mason Loring Bliss ---
Copied from BZ#239443:

Random note, running if_em_updated.ko as noted various places has my NIC performing normally after waking.