Date: Sun, 8 Jan 2017 15:55:32 +0100 From: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> To: freebsd-pf@freebsd.org Subject: udp - weird behavior of reply-to Message-ID: <20170108145532.GA17695@plan-b.pwste.edu.pl>
next in thread | raw e-mail | index | archive | help
--DocE+STaALJfprDB Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable For a long period of time, I have been using reply-to rules for a few TCP and one UDP service which had been introduced for HA reasons and are used quite rarely.=20 After upgrade to 11-STABLE the rules for TCP traffic work as expected, providing kind of symmetric routing, but UDP traffic ignores reply-to directive and UDP service is responding only partially via default gateway. Worse, only one UDP segment passes in one direction for UDP service. As a result, the whole communication is broken. PF states look like this: all udp 88.199.x.x:1197 <- 62.x.y.z:58781 NO_TRAFFIC:SINGLE all udp 88.199.y.y:1197 -> 62.x.y.z:58781 SINGLE:NO_TRAFFIC Similar rule for tcp traffic works flawlessly:=20 all tcp 88.199.x.x:50001 <- 62.x.y.z:56330 ESTABLISHED:ESTABLISHED It is not an underlying service issue, additional tests were performed using netcat. The rules weren't changed, at least since the machine was running 9-STABLE and then everything worked correctly. The machine is currently running 11.0-STABLE r311637 compiled for i386 arch. Is it a bug to be officially submitted or it will not be possible to use reply-to for UDP traffic anymore? --=20 Marek Zarychta --DocE+STaALJfprDB Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEMOqvKm6wKvS1/ZeCdZ/s//1SjSwFAlhyUuEACgkQdZ/s//1S jSyz4AgAoICDnUaabnhlQTIs67CMXZD3XnZwmbdggVcr2VIC+kePF8Edyz9cr9bK 60zHxGuhFazWY5S2CqvtLEE2AEdwKmpo/IkSy+NG2MrCXKJj+mDMFYpB3/a3+f9S +BEL+S2cxZOedDS+MpIBGCUiS3dAdTTrplXDrSDuF32ykU4gmEFBx6tiAmWvPnD9 qMlkwKp5mWTPMpuiRIkyXJPmY01VWXWQahCY5M85mvxjmv7wkCmjg+7uwufV3MXm CIabbKy+F45kTWBMcZyDj9rbpQi7UQd9ThA0qsoS5BEUxmHKoJ5wigotdLHB9Qrs q4hfUPmz7C3H+Slfi2U0ZePXsvNr4w== =kb3f -----END PGP SIGNATURE----- --DocE+STaALJfprDB--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170108145532.GA17695>