From owner-freebsd-pf@freebsd.org Wed May 20 19:35:25 2020 Return-Path: Delivered-To: freebsd-pf@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A8AB32F3230 for ; Wed, 20 May 2020 19:35:25 +0000 (UTC) (envelope-from ozkan.kirik@gmail.com) Received: from mail-ua1-x92a.google.com (mail-ua1-x92a.google.com [IPv6:2607:f8b0:4864:20::92a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49S2z06tBZz4gCb for ; Wed, 20 May 2020 19:35:24 +0000 (UTC) (envelope-from ozkan.kirik@gmail.com) Received: by mail-ua1-x92a.google.com with SMTP id k3so1683641ual.8 for ; Wed, 20 May 2020 12:35:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=GB2ZxQuwBDga1DwnH0iGwQxEycW9Lon+8SyKr8HxCM8=; b=KbdENTy86HyHR3tm+tz/VZr0TJW+AS9c35OYR7eHvUSsWuIlVHBMnYqJqgY72y8qAT A/3EBDH8D8TGM/f8m5Avw7u+rroEiTxiC+bO+xVfKNm9jmobly6k8nT4+Xt4D92ZbkkX /Zu5LTKsci1ggdg9UMGHYdTQDqDwCEJE0GEwQMtPysW2hjUzLUPGup8cfBVXMdaFqn3O HrvUNNnJYZJtZzZzDjeT5UGWdAE6PFaHwzPSGMwPfEmK/qgWerNomUBnW2YCkGuwjdFy zAqNhg3OTIDCet2RoBNEm6Ff6ZkzGbddaSdxNOG5QBYppeioL2d+U4ZgkYvcxsMtopvG xTYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=GB2ZxQuwBDga1DwnH0iGwQxEycW9Lon+8SyKr8HxCM8=; b=UbOSWPhPIQZ3TeReI7o+ZhV7CMx+wd2F74qGVOoVdwF/kPjCrC8PFkx8UbmPQulHIN wx3u2y7RWu48s1ao3OhxPeyv9c5msR2VMJbFQtvkgpOSbkP2gkNXoIDvsaGs1ubtP660 Mk5HFeqQO66tSSPmac6u43gDbfDw/ll1aAr/b/Z2ApMpDaOIgekHpwdt71Bdx3fassWR qN0C9hiRMGoNKC6AVvxHSBVUGFmJlPjAapXchOT3YRIELBp1iuXkz1YEFC2E50jRCjFu AoE8WFfquD2LjGNyRhL02l/c3r1nEFhC42fjUlq46lzEqrsrpJC06RhclA+PP1CT+rKA Sg+w== X-Gm-Message-State: AOAM531D49dBo9vGlGW/nQ6Il485x3JmoABRn+lezUH5DGX9hcyX7vdX 49dI3PxiYYgzEXlfD/ddbrZ506iWt0uc3S5Q93Ro/09FtjAeGw== X-Google-Smtp-Source: ABdhPJzlU+dp921D65P5ZzU5Men4fswlwBPiChHCuy2vQpeGqDIMJTlYezEPIXEOwxFfp0QMAYqV5UI9KtkIJqfs0N0= X-Received: by 2002:ab0:22c5:: with SMTP id z5mr4565083uam.48.1590003323518; Wed, 20 May 2020 12:35:23 -0700 (PDT) MIME-Version: 1.0 From: =?UTF-8?B?w5Z6a2FuIEtJUklL?= Date: Wed, 20 May 2020 22:35:09 +0300 Message-ID: Subject: PF and Multicast Routing To: freebsd-pf@freebsd.org X-Rspamd-Queue-Id: 49S2z06tBZz4gCb X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=KbdENTy8; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of ozkankirik@gmail.com designates 2607:f8b0:4864:20::92a as permitted sender) smtp.mailfrom=ozkankirik@gmail.com X-Spamd-Result: default: False [-1.17 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.58)[-0.584]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.51)[-0.509]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::92a:from]; NEURAL_SPAM_SHORT(0.09)[0.088]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; R_MIXED_CHARSET(0.83)[subject]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.33 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 May 2020 19:35:25 -0000 Hello, I'm running FreeBSD 12.1-Stable. pimd is running. When I enabled pf, multicast traffic is dropped. I wrote a single basic rule: pass quick all allow-opts but still multicast traffic is dropped. after pfctl -xm, dmesg shows this error: pf: dropping packet with ip options pf: dropping packet with ip options ... What is the solution? Thanks From owner-freebsd-pf@freebsd.org Wed May 20 20:06:02 2020 Return-Path: Delivered-To: freebsd-pf@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1237A2F39EF for ; Wed, 20 May 2020 20:06:02 +0000 (UTC) (envelope-from ozkan.kirik@gmail.com) Received: from mail-ua1-x934.google.com (mail-ua1-x934.google.com [IPv6:2607:f8b0:4864:20::934]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49S3fK1xnbz3SpT for ; Wed, 20 May 2020 20:06:01 +0000 (UTC) (envelope-from ozkan.kirik@gmail.com) Received: by mail-ua1-x934.google.com with SMTP id f9so1739455uaq.2 for ; Wed, 20 May 2020 13:06:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=3kcuykVV9FrUfiJSZQrJp7S+1OM3uEDtDRXzoznB+AY=; b=PVGBU9RI+/BTmcGreKQP6bZdN7bzVWYYuvM33CLFLhR/bXyu4omkwAG5Y5hBnVcon0 Ogi1iw9nbOENXNVEEiwXHdMhbNF1U+/WrufWIntMbidzbBWVlNaSodtbmEeobkv1FfH2 Yjr9u6PT4z8pELX7gHLrgSit3c5bZyHRBH2WaPjli4mA8vICIusCO+OZx6oeCHk/6GS1 GalUBa4AZPyglwm48yUWZvYIE9fRanhuU6JKekCwj2qigpZemUbbXDYAuojznKB7SdC/ 4MDRCAnsVkGlNb/L7ncOetnAk2ZtDzZi2vC1i7ewZ+4iO4zYfirmzwnJBS/v8UvHZcm8 3dCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=3kcuykVV9FrUfiJSZQrJp7S+1OM3uEDtDRXzoznB+AY=; b=PAUCGOAMzdUOUvR+gTi6OjROLelgTu8LZUl+qpVYlUPz36lvt9bn1EcI8pGucgDzRf cy3cvzKmVRK3pISu/bqeb1bCzG6mYZqq0yP2DWzz0r1C5bLal14DRDPMTFl4QI4Hrw3s Z8Lccgb1xl7geBqBZpPWRsJfgbpoQMNgPGGXyflaPK1AcHQJtcsqtw7ZavnHFqBm4ICV oFgwDrICFiwD3P/JED7Ah0CwG/p+wqYokKffgkdZ4j8uyGIgWRBEFR4OqrhurTdL+fn4 8GUVuRLxVgGV1odzQmU7RW2sqGIwfJqqlS2miUuEQX/sBuOOJPThUoVi/BXvfBXtO0/N 3QLQ== X-Gm-Message-State: AOAM531WbAqwm6TQEsFYLw6BY/Nxclr19VC1m1Ew208999AoRhGB1x6t UD58HHxyl8weD13lyHHxsrkVY5NRGdXmW3Y8PmSi8olJIu8Yng== X-Google-Smtp-Source: ABdhPJw2PS0KLmuRdIebtg9LGnPxFoA9V2B3nqtvL51gcMLPvh2EBvM4x2A2oMy1BnU7e878uo0EGBsLdKc2eom3fFc= X-Received: by 2002:ab0:e17:: with SMTP id g23mr4773321uak.31.1590005159792; Wed, 20 May 2020 13:05:59 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: =?UTF-8?B?w5Z6a2FuIEtJUklL?= Date: Wed, 20 May 2020 23:05:46 +0300 Message-ID: Subject: Re: PF and Multicast Routing To: freebsd-pf@freebsd.org X-Rspamd-Queue-Id: 49S3fK1xnbz3SpT X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=PVGBU9RI; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of ozkankirik@gmail.com designates 2607:f8b0:4864:20::934 as permitted sender) smtp.mailfrom=ozkankirik@gmail.com X-Spamd-Result: default: False [-1.54 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.67)[-0.671]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.51)[-0.509]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::934:from]; NEURAL_HAM_SHORT(-0.08)[-0.075]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; R_MIXED_CHARSET(0.71)[subject]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.33 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 May 2020 20:06:02 -0000 Hi, Problem solved, pass all as first rule drops packets with IP options regards On Wed, May 20, 2020 at 10:35 PM =C3=96zkan KIRIK w= rote: > Hello, > > I'm running FreeBSD 12.1-Stable. pimd is running. > When I enabled pf, multicast traffic is dropped. > > I wrote a single basic rule: > > pass quick all allow-opts > > but still multicast traffic is dropped. after pfctl -xm, dmesg shows this > error: > pf: dropping packet with ip options > pf: dropping packet with ip options > ... > > What is the solution? > Thanks >