Updating PF to OpenBSD Release 4,1
Jan.Lentfer at web.de
Thu Jun 10 03:01:57 PDT 2010
I have made some progress on the PF work. pf.ko can be loaded and unloaded
(now even w/o panic, thanks to Aggelos) and I have updated pfctl to the
version that comes with OpenBSD 4.1. So you can enable PF, load rules and
view then and so on. All that works.
What doesn't work at all at the moment is the actual filtering. Packets
seem to pass through pf (evaluations counter is increased) but pf_test_tcp
seems to always return PF_PASS. I have added a panic("debug") where I think
the investigation should start. Aggelos has helped me a lot on this also
but since I will be away for 2 weeks I would like to make my current status
public. So anyone willing to look into it could do so. I might find the
time to work a little bit on it until friday. I will keep you informed if I
change anything on the tree before I leave.
More information about the Kernel