Re: Updating PF to OpenBSD Release 4,1

From: Jan Lentfer <Jan.Lentfer@xxxxxx>
Date: Thu, 10 Jun 2010 21:01:03 +0200

Dunceor wrote:
> On Thu, Jun 10, 2010 at 11:55 AM, Jan Lentfer <Jan.Lentfer@web.de> wrote:
>> I have made some progress on the PF work. pf.ko can be loaded and unloaded
>> (now even w/o panic, thanks to Aggelos) and I have updated pfctl to the
>> version that comes with OpenBSD 4.1. So you can enable PF, load rules and
>> view them and so on. All that works.
>> What doesn't work at all at the moment is the actual filtering. Packets
>> seem to pass through pf (evaluations counter is increased) but pf_test_tcp
>> seems to always return PF_PASS. I have added a panic("debug") where I think
>> the investigation should start. Aggelos has helped me a lot on this also,
>> but since I will be away for 2 weeks I would like to make my current status
>> public. So anyone willing to look into it could do so. I might find the
>> time to work a little bit on it until Friday. I will keep you informed if I
>> change anything on the tree before I leave.
>
> Nice work, but is there a reason why you chose such an old PF version (OpenBSD 4.1 was released in May 2007)?

Because what we have now is 3.5 (2004 or so). With 4.2 a lot of kernel structures need changes. I want to go all the way through to the latest, of course, but let's start with going half the way first :-)


