Re: pfctl -k id not working

Reply: Özkan KIRIK : "Re: pfctl -k id not working"
In reply to: Kristof Provost : "Re: pfctl -k id not working"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Tue, 24 Aug 2021 12:58:19 UTC

On 22 Aug 2021, at 21:01, Kristof Provost wrote:
> On 22 Aug 2021, at 20:58, Oleksandr Kryvulia wrote:
>> 20.08.21 22:01, Özkan KIRIK пишет:
>>> Hi,
>>>
>>> I'm trying to kill a single state using state id. But even state exists, no
>>> (0) states are killed.
>>>
>>> I'm using FreeBSD stable/12 0f97f2a1857a (Jul 26) build. Outputs are below:
>>>
>>> root@freebsd:/ # pfctl -ss -vvv | tail -5
>>> all tcp 10.255.4.134:60684 -> 10.2.3.10:443       ESTABLISHED:ESTABLISHED
>>>    [3857528462 + 256] wscale 7  [2278827950 + 1117184] wscale 9
>>>    age 1002336:42:40, expires in 252932:33:04, 250675:343858 pkts,
>>> 18984576:362136695 bytes, anchor 1308884992, rule 419430400
>>>    id: effe296100000018 creatorid: e9c975c1 gateway: 0.0.0.0
>>>    origif: ix0.167
>>>
>>> root@freebsd:/ # pfctl -k id -k effe296100000018
>>> killed 0 states
>>>
>>> root@freebsd:/ # pfctl -ss -vvv | tail -5
>>> all tcp 10.255.4.134:60684 -> 10.2.3.10:443       ESTABLISHED:ESTABLISHED
>>>    [1005467278 + 256] wscale 7  [2245470126 + 1117184] wscale 9
>>>    age 60966:41:04, expires in 280894:34:40, 250677:343861 pkts,
>>> 18984766:362137617 bytes, anchor 1308884992, rule 419430400
>>>    id: effe296100000018 creatorid: e9c975c1 gateway: 0.0.0.0
>>>    origif: ix0.167
>>>
>>> is it possible to fix it?
>>>
>>> Regards
>>>
>>
>> Same on current.
>
> Thanks for the confirmation. It’s very likely fallout from the nvlist changes I did in that area recently.
> It’s on my list for Monday. It’s likely to be fairly easy to fix.
>
This will be fixed as of e59eff9ad3285838730acf48f6d066cec0e53114 (in main).
MFC to be done next week.

Br,
Kristof