Re: kern/59615: NPF seems to block all traffic with an HEAD (11.99.x) kernel and netbsd-10 userland

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,leot%NetBSD.org@localhost
Subject: Re: kern/59615: NPF seems to block all traffic with an HEAD (11.99.x) kernel and netbsd-10 userland
From: "Emmanuel Nyarko via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Sun, 7 Sep 2025 15:55:01 +0000 (UTC)

The following reply was made to PR kern/59615; it has been noted by GNATS.

From: Emmanuel Nyarko <emmankoko519%gmail.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: kern-bug-people%netbsd.org@localhost,
 gnats-admin%netbsd.org@localhost,
 netbsd-bugs%netbsd.org@localhost,
 "leot%netbsd.org@localhost" <leot%NetBSD.org@localhost>
Subject: Re: kern/59615: NPF seems to block all traffic with an HEAD (11.99.x)
 kernel and netbsd-10 userland
Date: Sun, 7 Sep 2025 15:51:36 +0000

 > On 6 Sep 2025, at 2:15=E2=80=AFPM, Leonardo Taccari via gnats =
 <gnats-admin%NetBSD.org@localhost> wrote:
 >=20
 > The following reply was made to PR kern/59615; it has been noted by =
 GNATS.
 >=20
 > From: Leonardo Taccari <leot%NetBSD.org@localhost>
 > To: gnats-bugs%netbsd.org@localhost
 > Cc:=20
 > Subject: Re: kern/59615: NPF seems to block all traffic with an HEAD =
 (11.99.x) kernel and netbsd-10 userland
 > Date: Sat, 06 Sep 2025 16:10:23 +0200
 >=20
 > Hello Emmanuel,
 >=20
 > Emmanuel Nyarko writes:
 >>=20
 >=20
 > I have tested it (both the former patch that you have shared off-list
 > and I attached here a couple of days ago and this one you have shared
 > yesterday) and I can confirm that now the stats looks good:
 
 committing this. @leot
 
 Index: ./sys/net/npf/npf_ruleset.c
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 RCS file: /cvsroot/src/sys/net/npf/npf_ruleset.c,v
 retrieving revision 1.56
 diff -u -r1.56 npf_ruleset.c
 --- ./sys/net/npf/npf_ruleset.c	1 Jul 2025 18:42:37 -0000	1.56
 +++ ./sys/net/npf/npf_ruleset.c	7 Sep 2025 15:47:06 -0000
 @@ -925,7 +925,14 @@
  		const unsigned skip_to =3D rl->r_skip_to & SKIPTO_MASK;
  		const uint32_t attr =3D rl->r_attr;
 =20
 -		if ((attr & layer) =3D=3D 0) {
 +		/*
 +		 * PR kern/59615
 +		 * we are skipping rule inspection on two cases
 +		 * if layer attributes are set but we are on a different =
 layer
 +		 * or if no layer attributes set (10 userland), don't =
 inspect at layer 2
 +		 */
 +		if ((((attr & (NPF_RULE_LAYER_2 | NPF_RULE_LAYER_3)) && =
 (attr & layer) =3D=3D 0)) ||
 +		    (((attr & (NPF_RULE_LAYER_2 | NPF_RULE_LAYER_3)) =3D=3D=
  0) && layer =3D=3D NPF_RULE_LAYER_2)) {
  			n =3D skip_to;
  			continue;
  		}
 
 
 RCS file: /cvsroot/src/sys/net/npf/npf.h,v
 retrieving revision 1.67
 diff -u -r1.67 npf.h
 --- sys/net/npf/npf.h 1 Jul 2025 18:42:37 -0000 1.67
 +++ sys/net/npf/npf.h 4 Sep 2025 11:41:15 -0000
 @@ -355,11 +355,9 @@
   NPF_STAT_PASS_DEFAULT,
   NPF_STAT_PASS_RULESET,
   NPF_STAT_PASS_CONN,
 - NPF_ETHER_STAT_PASS,
   /* Packets blocked. */
   NPF_STAT_BLOCK_DEFAULT,
   NPF_STAT_BLOCK_RULESET,
 - NPF_ETHER_STAT_BLOCK,
   /* Connection and NAT entries. */
   NPF_STAT_CONN_CREATE,
   NPF_STAT_CONN_DESTROY,
 @@ -382,6 +380,9 @@
   /* nbuf non-contiguous cases. */
   NPF_STAT_NBUF_NONCONTIG,
   NPF_STAT_NBUF_CONTIG_FAIL,
 + /* layer 2 statistics */
 + NPF_ETHER_STAT_PASS,
 + NPF_ETHER_STAT_BLOCK,
   /* Count (last). */
   NPF_STATS_COUNT
  } npf_stats_t;
 
 
 
 fixes PR.
 
 
 Emmanuel

Prev by Date: Re: kern/59615: NPF seems to block all traffic with an HEAD (11.99.x) kernel and netbsd-10 userland
Next by Date: bin/59639: sed(1) man page is wrong about case-insensitivity flag
Previous by Thread: Re: kern/59615: NPF seems to block all traffic with an HEAD (11.99.x) kernel and netbsd-10 userland
Next by Thread: port-m68k/59616: m68k softfloat nans and infs have to be preserved when changing sizes
Indexes:

Home | Main Index | Thread Index | Old Index