From owner-freebsd-pf@FreeBSD.ORG Mon Nov 10 08:46:32 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D3784953; Mon, 10 Nov 2014 08:46:32 +0000 (UTC) Received: from mail-pa0-x232.google.com (mail-pa0-x232.google.com [IPv6:2607:f8b0:400e:c03::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9ECB1D7; Mon, 10 Nov 2014 08:46:32 +0000 (UTC) Received: by mail-pa0-f50.google.com with SMTP id eu11so7880099pac.9 for ; Mon, 10 Nov 2014 00:46:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=kbZ9+K5iKnRI5hOwbPc3U5rxVXQybeSSEcCRvvRrYaI=; b=BdrYXoEsERTYPlnFFZPG/CRHLS7xATalxtfszeeOAuxuk+V2s2BIiVYUP6YzvfXkX9 exdgJZ0RNpWdZQ3KKNTtVpaj3bP7lNVS6ebEcPc4rhwEk+R3MiwIZnCjY9yWR8YDW64V YrxOfZmm58qs7gTl+c6lKCHbZO7mm9z9g2lbf/i5vaCxYc/Cz6MEa+SUpLeinDXgtYAG g2ATLP4KqndM/VuA6rWVHlzjc8m3X2+WMQS4mBadLcSYDnELhZ8Y2+N90AQshV1ZLj3H /bHvlSp/b5PU0ZYZ8DN0/rPuX/Cw9zTTtCkAfhNqs4/EOnQGZ9yNpx/gidtZsLxLXSEP k94A== MIME-Version: 1.0 X-Received: by 10.70.131.199 with SMTP id oo7mr2312805pdb.138.1415609192107; Mon, 10 Nov 2014 00:46:32 -0800 (PST) Sender: ermal.luci@gmail.com Received: by 10.70.73.2 with HTTP; Mon, 10 Nov 2014 00:46:32 -0800 (PST) In-Reply-To: References: Date: Mon, 10 Nov 2014 09:46:32 +0100 X-Google-Sender-Auth: 7Ni7ag8DIj0HEnyJymEX--eeyYs Message-ID: Subject: Re: [Bug 172648] [pf] [ip6]: 'scrub reassemble tcp' breaks IPv6 packet checksum on SYN ACK From: =?UTF-8?Q?Ermal_Lu=C3=A7i?= To: bugzilla-noreply@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: "freebsd-pf@freebsd.org" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Nov 2014 08:46:33 -0000 Give this patch inline a try: --- a/patches/releng/10.1/pf_reply-to.enahnce.diff +++ b/patches/releng/10.1/pf_reply-to.enahnce.diff @@ -1,8 +1,33 @@ +diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c +index 837b617..b6c37a9 100644 +--- a/sys/netinet6/ip6_output.c ++++ b/sys/netinet6/ip6_output.c +@@ -185,7 +185,7 @@ static int copypktopts(struct ip6_pktopts *, struct ip6_pktopts *, int); + }\ + } while (/*CONSTCOND*/ 0) + +-static void ++void + in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset) + { + u_short csum; +diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h +index 70e487e..0d72b37 100644 +--- a/sys/netinet6/ip6_var.h ++++ b/sys/netinet6/ip6_var.h +@@ -445,6 +445,7 @@ int rip6_usrreq(struct socket *, + int dest6_input(struct mbuf **, int *, int); + int none_input(struct mbuf **, int *, int); + ++void in6_delayed_cksum(struct mbuf *, uint32_t, u_short); + int in6_selectsrc(struct sockaddr_in6 *, struct ip6_pktopts *, + struct inpcb *inp, struct route_in6 *, struct ucred *cred, + struct ifnet **, struct in6_addr *); diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c -index 6bc7ce6..2ceaf0e 100644 +index a76d06e..257fae2 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c -@@ -343,11 +343,9 @@ do { \ +@@ -335,11 +335,9 @@ do { \ } \ if ((d) == PF_OUT && \ (((s)->rule.ptr->rt == PF_ROUTETO && \ @@ -17,7 +42,7 @@ index 6bc7ce6..2ceaf0e 100644 return (PF_PASS); \ } while (0) -@@ -5888,7 +5886,12 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, +@@ -5646,7 +5644,12 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, else if (r->rt == PF_ROUTETO && r->direction == dir && in_localip(ip->ip_dst)) return; @@ -31,7 +56,7 @@ index 6bc7ce6..2ceaf0e 100644 if (in_broadcast(ip->ip_dst, oifp)) /* XXX: LOCKING of address list?! */ return; -@@ -6127,7 +6130,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, +@@ -5885,7 +5888,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, } else if (r->rt == PF_ROUTETO && r->direction == dir && in6_localaddr(&ip6->ip6_dst)) return; @@ -45,3 +70,31 @@ index 6bc7ce6..2ceaf0e 100644 if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL && r->direction == PF_OUT && r->direction == dir && pd->pf_mtag->routed < 2) { +diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c +index dbd92f9..621a4f5 100644 +--- a/sys/netpfil/pf/pf_ioctl.c ++++ b/sys/netpfil/pf/pf_ioctl.c +@@ -72,6 +72,7 @@ __FBSDID("$FreeBSD$"); + #include + #include + #include ++#include + #include + + #ifdef INET6 +@@ -3690,12 +3691,9 @@ pf_check6_out(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, + int chk; + + /* We need a proper CSUM before we start (s. OpenBSD ip_output) */ +- if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { +-#ifdef INET +- /* XXX-BZ copy&paste error from r126261? */ +- in_delayed_cksum(*m); +-#endif +- (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; ++ if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) { ++ in6_delayed_cksum(*m, (*m)->m_pkthdr.len - sizeof(struct ip6_hdr), sizeof(struct ip6_hdr)); ++ (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; + } + CURVNET_SET(ifp->if_vnet); + chk = pf_test6(PF_OUT, ifp, m, inp); On Wed, Nov 5, 2014 at 3:29 PM, wrote: > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=172648 > > Kurt Jaeger changed: > > What |Removed |Added > > ---------------------------------------------------------------------------- > CC| |pi@FreeBSD.org > > --- Comment #3 from Kurt Jaeger --- > See > > https://lists.freebsd.org/pipermail/freebsd-net/2014-November/040319.html > > -- > You are receiving this mail because: > You are the assignee for the bug. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > -- Ermal