Re: kern/59615: NPF seems to block all traffic with an HEAD (11.99.x) kernel and netbsd-10 userland

[Emmanuel Nyarko <emmankoko519%gmail.com@localhost>]

Hi Leo,

Please can you run this patch in and test the kernel.

Index: sys/net/npf/npf.h
===================================================================
RCS file: /cvsroot/src/sys/net/npf/npf.h,v
retrieving revision 1.67
diff -u -r1.67 npf.h
--- sys/net/npf/npf.h	1 Jul 2025 18:42:37 -0000	1.67
+++ sys/net/npf/npf.h	4 Sep 2025 11:41:15 -0000
@@ -355,11 +355,9 @@
 	NPF_STAT_PASS_DEFAULT,
 	NPF_STAT_PASS_RULESET,
 	NPF_STAT_PASS_CONN,
-	NPF_ETHER_STAT_PASS,
 	/* Packets blocked. */
 	NPF_STAT_BLOCK_DEFAULT,
 	NPF_STAT_BLOCK_RULESET,
-	NPF_ETHER_STAT_BLOCK,
 	/* Connection and NAT entries. */
 	NPF_STAT_CONN_CREATE,
 	NPF_STAT_CONN_DESTROY,
@@ -382,6 +380,9 @@
 	/* nbuf non-contiguous cases. */
 	NPF_STAT_NBUF_NONCONTIG,
 	NPF_STAT_NBUF_CONTIG_FAIL,
+	/* layer 2 statistics */
+	NPF_ETHER_STAT_PASS,
+	NPF_ETHER_STAT_BLOCK,
 	/* Count (last). */
 	NPF_STATS_COUNT
 } npf_stats_t;

this patch is to ensure the macros maintain their index values accross 10 and 11 so npfctl does read different values from kernel.

tested on mine and works cool with both a full 11 setup and a 10 userland 11 kernel.

But would like to hear from you too.

Emmanuel