From: Özkan KIRIK
Date: Sun, 25 Apr 2021 08:56:49 +0300
Subject: pf - SCTP ports are not allowed in filter rules.
To: freebsd-pf@freebsd.org, Kristof Provost

Hi,

SCTP protocol header has src port and dst port fields. But pf doesn't
support them.

# echo "pass log (to pflog0) quick proto SCTP from any to any port 13873" | pfctl -f -
stdin:1: port only applies to tcp/udp
stdin:1: skipping rule due to errors
stdin:1: rule expands to no valid combination
pfctl: Syntax error in config file: pf rules not loaded
#

I tried to write the same rule with ipfw. It works.

# ipfw add 200 allow sctp from any to any 13873
00200 allow sctp from any to any 13873

Have I made a mistake, or is filtering on SCTP ports not supported by pf?
Is it possible to fix?

Best Regards
Ozkan

From: "Kristof Provost"
To: "Özkan KIRIK"
Cc: freebsd-pf@freebsd.org
Subject: Re: pf - SCTP ports are not allowed in filter rules.
Date: Sun, 25 Apr 2021 10:08:52 +0200

On 25 Apr 2021, at 7:56, Özkan KIRIK wrote:
> SCTP protocol header has src port and dst port fields. But pf doesn't
> support them.
>
> # echo "pass log (to pflog0) quick proto SCTP from any to any port 13873" | pfctl -f -
> stdin:1: port only applies to tcp/udp
> stdin:1: skipping rule due to errors
> stdin:1: rule expands to no valid combination
> pfctl: Syntax error in config file: pf rules not loaded
> #
>
> I tried to write the same rule with ipfw. It works.
>
> # ipfw add 200 allow sctp from any to any 13873
> 00200 allow sctp from any to any 13873
>
> Have I made a mistake, or is filtering on SCTP ports not supported by pf?
> Is it possible to fix?
>
Pf does not support SCTP in any meaningful way.
I have no plans to add SCTP support either.

Note that doing so involves a lot more than just teaching it to look at
SCTP port numbers. Pf is a /stateful/ firewall, so we’d have to teach it
the entire SCTP protocol lifecycle.

Best regards,
Kristof

From: Kurt Jaeger
To: Özkan KIRIK
Cc: freebsd-pf@freebsd.org, Kristof Provost
Subject: Re: pf - SCTP ports are not allowed in filter rules.
Date: Sun, 25 Apr 2021 10:57:59 +0200

Hi!

> SCTP protocol header has src port and dst port fields. But pf doesn't
> support them.
>
> # echo "pass log (to pflog0) quick proto SCTP from any to any port 13873" | pfctl -f -
> stdin:1: port only applies to tcp/udp
> stdin:1: skipping rule due to errors
> stdin:1: rule expands to no valid combination
> pfctl: Syntax error in config file: pf rules not loaded
> #
>
> I tried to write the same rule with ipfw. It works.
>
> # ipfw add 200 allow sctp from any to any 13873
> 00200 allow sctp from any to any 13873
>
> Have I made a mistake, or is filtering on SCTP ports not supported by pf?
> Is it possible to fix?

sys/netpfil/pf/ has some ifdefs that reference SCTP. So, if you
recompile your kernel with

options SCTP
options SCTP_SUPPORT

it might improve, but the ifdefed code does not seem very far-reaching.

The user-space tooling (pfctl) does not seem to support sctp
as a keyword?

--
pi@opsec.eu +49 171 3101372 Now what ?
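
Added example, not part of the thread and not pf code: the contrast drawn in Kristof Provost's reply, in C. sctp_dst_port is the stateless port match; sctp_track follows the association lifecycle (chunk types per RFC 4960) that a stateful filter would also have to know. State names, function names and the header-only sample packets are constructed for this example; direction, verification tags and multihoming are ignored.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Chunk type values from RFC 4960, section 3.2. */
enum { CH_DATA = 0, CH_INIT = 1, CH_INIT_ACK = 2, CH_ABORT = 6, CH_SHUTDOWN = 7,
       CH_SHUTDOWN_ACK = 8, CH_COOKIE_ECHO = 10, CH_COOKIE_ACK = 11, CH_SHUTDOWN_COMPLETE = 14 };
/* Hypothetical tracker states for this example; they are not pf's. */
enum st { CLOSED, INIT_SEEN, INIT_ACKED, COOKIE_ECHOED, ESTABLISHED,
          SHUTDOWN_SEEN, SHUTDOWN_ACKED, INVALID };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Stateless match: ports are the first 4 bytes of the 12-byte common header. */
int sctp_dst_port(const uint8_t *pkt, size_t len) { return len < 12 ? -1 : be16(pkt + 2); }

/* Lifecycle step for one chunk (simplified: no direction, tags, multihoming). */
static enum st step(enum st s, uint8_t type)
{
    switch (type) {
    case CH_INIT:              return s == CLOSED ? INIT_SEEN : INVALID;
    case CH_INIT_ACK:          return s == INIT_SEEN ? INIT_ACKED : INVALID;
    case CH_COOKIE_ECHO:       return s == INIT_ACKED ? COOKIE_ECHOED : INVALID;
    case CH_COOKIE_ACK:        return s == COOKIE_ECHOED ? ESTABLISHED : INVALID;
    case CH_DATA:              return (s == COOKIE_ECHOED || s == ESTABLISHED) ? s : INVALID;
    case CH_SHUTDOWN:          return s == ESTABLISHED ? SHUTDOWN_SEEN : INVALID;
    case CH_SHUTDOWN_ACK:      return s == SHUTDOWN_SEEN ? SHUTDOWN_ACKED : INVALID;
    case CH_SHUTDOWN_COMPLETE: return s == SHUTDOWN_ACKED ? CLOSED : INVALID;
    case CH_ABORT:             return CLOSED;
    default:                   return s;   /* SACK, HEARTBEAT, ... keep the state */
    }
}

/* Stateful match: walk every chunk bundled in the packet. */
enum st sctp_track(enum st s, const uint8_t *pkt, size_t len)
{
    size_t off = 12;
    if (len < 16) return INVALID;              /* common header + one chunk header */
    while (off + 4 <= len && s != INVALID) {
        size_t clen = be16(pkt + off + 2);     /* chunk length, header included */
        if (clen < 4 || clen > len - off) return INVALID;
        s = step(s, pkt[off]);
        off += (clen + 3) & ~(size_t)3;        /* chunks are padded to 4 bytes */
    }
    return s;
}

/* Replays constructed header-only packets to dport from CLOSED; returns the final state. */
enum st replay(const uint8_t *types, size_t n, uint16_t dport)
{
    enum st s = CLOSED;
    for (size_t i = 0; i < n && s != INVALID; i++) {
        uint8_t pkt[16] = { 0x9c, 0x40, (uint8_t)(dport >> 8), (uint8_t)dport };
        pkt[12] = types[i]; pkt[15] = 4;       /* chunk type, chunk length 4 */
        s = sctp_track(s, pkt, sizeof pkt);
    }
    return s;
}

int main(void)
{
    /* ok + 4 is a bare DATA packet: right port, but no association behind it */
    const uint8_t ok[] = { CH_INIT, CH_INIT_ACK, CH_COOKIE_ECHO, CH_COOKIE_ACK, CH_DATA };
    printf("handshake+data: %d, bare data: %d\n", replay(ok, 5, 13873), replay(ok + 4, 1, 13873));
    return 0;
}
```

A DATA packet to port 13873 passes the port check in every state, but the tracker accepts it only after the four-way handshake has been seen.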

From: bugzilla-noreply@FreeBSD.org
To: pf@FreeBSD.org
Subject: Problem reports for pf@FreeBSD.org that need special attention
Date: Sun, 25 Apr 2021 21:00:10 +0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
Open        |    203735 | Transparent interception of ipv6 with squid and p
Open        |    237973 | pf: implement egress keyword to simplify rules ac

2 problems total for which you should take action.

From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 255432] pf fragment reassembly leads to invalid IP checksum since 13.0-RELEASE
Date: Mon, 26 Apr 2021 23:02:51 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255432

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |pf@FreeBSD.org

--
You are receiving this mail because:
You are the assignee for the bug.

From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 255432] pf fragment reassembly leads to invalid IP checksum since 13.0-RELEASE
Date: Tue, 27 Apr 2021 18:51:08 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255432

Kristof Provost changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|pf@FreeBSD.org              |kp@freebsd.org
             Status|New                         |Open

--- Comment #8 from Kristof Provost ---
I was going to ask you to confirm that it's really the pf scrub code that does
this, but I've got a test case using epair that appears to demonstrate the
problem as well.

So the good news is that it is trivially reproducible, and that we'll have a
test case to prevent regressions when we fix this.

Test case: https://reviews.freebsd.org/D30013

I'm hopeful that I'll be able to dig into the actual cause tomorrow.

--
You are receiving this mail because:
You are the assignee for the bug.