From nobody@FreeBSD.org  Fri Sep 30 09:40:12 2005
Message-Id: <200509300940.j8U9eBM1034667@www.freebsd.org>
Date: Fri, 30 Sep 2005 09:40:11 GMT
From: Vladimir Kotal <vlada@devnull.cz>
To: freebsd-gnats-submit@FreeBSD.org
Subject: pf does not use default timeouts when reloading config file
X-Send-Pr-Version: www-2.3

>Number:         86752
>Category:       kern
>Synopsis:       [pf] pf does not use default timeouts when reloading config file
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-pf
>State:          analyzed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 30 09:40:15 GMT 2005
>Closed-Date:    
>Last-Modified:  Wed Jul 03 01:32:59 UTC 2013
>Originator:     Vladimir Kotal
>Release:        5.4-RELEASE-p7
>Organization:
>Environment:
FreeBSD XXX 5.4-RELEASE-p7 FreeBSD 5.4-RELEASE-p7 #1: Thu Sep 22 11:01:10 CEST 2005     XXX:/usr/src/sys/i386/compile/XXX  i386
>Description:
      After setting custom timeout values in pf.conf and reloading the config, and then commenting out/deleting the lines with timeout settings, the settings remain set.
>How-To-Repeat:
1. set a timeout value, e.g. by using the following pf.conf line:
   set timeout tcp.closed 60
2. display timeout setting via 'pfctl -s timeout | grep tcp.closed'
3. reload pf configuration via 'pfctl -f /etc/pf.conf'
4. remove or comment out the line set in step 1
5. reload pf configuration
6. display tcp.closed timeout (as in step 2)

expected behavior:
after step 6, tcp.closed timeout should be set to default value
(as seen in step 2)
>Fix:

>Release-Note:
>Audit-Trail:

From: =?ISO-8859-1?Q?Vladim=EDr_Kotal?= <vlada@devnull.cz>
To: bug-followup@FreeBSD.org,
 =?ISO-8859-1?Q?Vladim=EDr_Kotal?= <vlada@devnull.cz>
Cc:  
Subject: Re: kern/86752: pf does not use default timeouts when reloading config file
Date: Tue, 4 Oct 2005 20:38:10 +0200

 This problem can be fixed by applying the following patch:
    http://techie.devnull.cz/public/patches/pfctl-timeout.patch
 
 which makes the behavior of options consistent with the behavior of rules
 (within pf.conf).
 
 This means that global timeout settings will be applied only when the
 ruleset is parsed successfully (which is not happening in the current pf
 implementation) and also that when lines with global timeout settings (or
 optimization lines) are removed, default timeout settings are restored
 (also not happening in the current pf implementation).
 
Responsible-Changed-From-To: freebsd-bugs->freebsd-pf 
Responsible-Changed-By: arved 
Responsible-Changed-When: Wed Oct 5 18:01:32 GMT 2005 
Responsible-Changed-Why:  
Over to pf Mailinglist 

http://www.freebsd.org/cgi/query-pr.cgi?pr=86752 
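
Added example (not part of the original PR, the linked patch, or pfctl): a check for the stale-timeout condition reported above, comparing running timeouts with what pf.conf plus a saved baseline should produce. The function names, the baseline file and all sample values are constructed for illustration, and each `set timeout` statement is assumed to sit on one line.

```shell
#!/bin/sh
# Added example: flag pf timeouts whose running value no longer matches pf.conf.

# "name value" pairs from `pfctl -s timeout`-style output, e.g. "tcp.closed  90s".
parse_running() {
    awk 'NF >= 2 { v = $2; sub(/s$/, "", v); print $1, v }' "$1"
}

# "name value" pairs from `set timeout` lines of a pf.conf,
# in either the single form or the { a 1, b 2 } list form; comments are stripped.
parse_conf() {
    sed 's/#.*//' "$1" | awk '$1 == "set" && $2 == "timeout" {
        sub(/^[ \t]*set[ \t]+timeout/, ""); gsub(/[{},]/, " ")
        n = split($0, f, " ")
        for (i = 1; i < n; i += 2) print f[i], f[i + 1]
    }'
}

# Usage: pf_timeout_drift BASELINE RUNNING PFCONF
# Expected value = pf.conf setting if present, otherwise the baseline value.
# Prints one line per timeout whose running value differs from the expected one.
pf_timeout_drift() {
    baseline=$1 running=$2 conf=$3
    { parse_running "$baseline" | sed 's/^/B /'
      parse_conf "$conf"        | sed 's/^/C /'
      parse_running "$running"  | sed 's/^/R /'; } |
    awk '$1 == "B" || $1 == "C" { want[$2] = $3 }
         $1 == "R" && ($2 in want) && want[$2] != $3 {
             printf "%s running=%s expected=%s\n", $2, $3, want[$2] }'
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed baseline: timeouts captured with no `set timeout` lines loaded.
    printf 'tcp.finwait 45s\ntcp.closed 90s\n' > "$d/baseline"
    # Constructed pf.conf after step 4: the tcp.closed line is commented out.
    printf '#set timeout tcp.closed 60\nset timeout { tcp.finwait 30 }\npass all\n' \
        > "$d/pf.conf"
    # Constructed running state after step 5 on an affected pfctl.
    printf 'tcp.finwait 30s\ntcp.closed 60s\n' > "$d/running"
    pf_timeout_drift "$d/baseline" "$d/running" "$d/pf.conf"
    rm -rf "$d"
}

demo
```

On a live host the RUNNING argument would be a file holding the output of `pfctl -s timeout` taken right after `pfctl -f /etc/pf.conf`.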

From: Max Laier <max@love2party.net>
To: bug-followup@freebsd.org,
 vlada@devnull.cz
Cc:  
Subject: Re: kern/86752: pf does not use default timeouts when reloading config file
Date: Sun, 9 Oct 2005 03:07:30 +0200

 This problem has been addressed in OpenBSD by the following commit in a clean 
 fashion: 
 http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/pfctl.c#rev1.231
 
 I will look at bringing this back into RELENG_6 after importing OpenBSD 3.8 to 
 HEAD.  Meanwhile, as this is not a critical problem, I'd like to avoid 
 creating large diffs against the vendor branch.
 
 Thanks for the report.
 
 -- 
   Max
State-Changed-From-To: open->analyzed 
State-Changed-By: mlaier 
State-Changed-When: Sun Oct 9 01:11:24 GMT 2005 
State-Changed-Why:  
Import OpenBSD's solution later. 


Responsible-Changed-From-To: freebsd-pf->mlaier 
Responsible-Changed-By: mlaier 
Responsible-Changed-When: Sun Oct 9 01:11:24 GMT 2005 
Responsible-Changed-Why:  
Over to my TODO stack. 

State-Changed-From-To: analyzed->analyzed 
State-Changed-By: linimon 
State-Changed-When: Wed Jul 3 00:50:32 UTC 2013 
State-Changed-Why:  
commit bit has been taken in for safekeeping. 


Responsible-Changed-From-To: mlaier->freebsd-pf 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Jul 3 00:50:32 UTC 2013 
Responsible-Changed-Why:  

>Unformatted:
