From: Alexey Pereklad
Date: Mon, 13 Jul 2015 12:11:43 +0300
To: Kristof Provost
CC: freebsd-net@freebsd.org
Subject: Re: FreeBSD 9.3: Looks like a bug in pf NAT while translating ICMP packets of type 3

Hi. I checked if I can reproduce this issue with -CURRENT.
Well, -CURRENT has the same problem. Here is my test lab:

# uname -a
FreeBSD test-BSD-01.hyperv.local 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r285351: Fri Jul 10 14:49:08 MSK 2015 root@test-BSD-01.hyperv.local:/usr/obj/usr/src/sys/GENERIC amd64

Here is a dump on the LAN interface:

# tcpdump -npi hn1 host 172.16.129.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on hn1, link-type EN10MB (Ethernet), capture size 262144 bytes
11:43:25.506775 IP 172.16.129.18.29490 > 208.67.220.220.53: 9125+ A? freebsd.org. (29)
11:43:25.570851 IP 208.67.220.220.53 > 172.16.129.18.29490: 9125 1/0/0 A 8.8.178.110 (45)
11:43:25.571635 IP 172.16.129.18 > 208.67.220.220: ICMP 172.16.129.18 udp port 29490 unreachable, length 36

Dump on the external WAN interface at the same moment:

# tcpdump -npi hn0 \(udp and port 53\) or icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on hn0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:43:25.741672 IP 213.208.xx.yy.55677 > 208.67.220.220.53: 1319+ A? ya.ru. (23)
11:43:25.795961 IP 208.67.220.220.53 > 213.208.xx.yy.55677: 1319 3/0/0 A 93.158.134.3, A 213.180.193.3, A 213.180.204.3 (71)
11:43:25.796700 IP 172.16.129.18 > 208.67.220.220: ICMP 213.208.xx.yy udp port 55677 unreachable, length 36

So I've created a bug report:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201519

07.07.2015 15:33, Kristof Provost wrote:
> On 2015-07-07 15:04:31 (+0300), technical account wrote:
>> I have an issue with pf in FreeBSD 9.3. Looks like there is something wrong
>> with pf's NAT while processing ICMP packets of type 3 (destination
>> unreachable).
>>
> Can you check if this also happens on CURRENT?
>
> If so, please create a bug on bugs.freebsd.org/bugzilla and cc me
> (kp@FreeBSD.org).
> You've already gathered the information required for a good bug report.
>
> I'll try to take a look at it when I find some time.
>
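
A check for the symptom in the WAN capture above, added here as an example and not part of the original message or of pf: it scans `tcpdump -n` output for ICMP port-unreachable packets whose embedded datagram carries the NAT address while the outer source is still an RFC 1918 address. The function name, the NAT address 203.0.113.10 and the sample lines are constructed (the message masks the real external address).

```python
import ipaddress
import re

# RFC 1918 ranges: addresses that should never appear as a source on the WAN side.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# One `tcpdump -n` line for an ICMP port unreachable: outer source and
# destination, then the address and port quoted from the embedded datagram.
ICMP_UNREACH = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}): "
    r"ICMP (?P<inner>\d+(?:\.\d+){3}) (?P<proto>udp|tcp) port (?P<port>\d+) "
    r"unreachable"
)

def find_untranslated(lines, nat_addr):
    """Return ICMP unreachables whose embedded datagram carries nat_addr
    while the outer source is still an RFC 1918 address."""
    nat = ipaddress.ip_address(nat_addr)
    hits = []
    for line in lines:
        m = ICMP_UNREACH.match(line.strip())
        if m is None:
            continue  # DNS traffic and other packets are ignored
        outer = ipaddress.ip_address(m["src"])
        inner = ipaddress.ip_address(m["inner"])
        if inner == nat and any(outer in net for net in RFC1918):
            hits.append({"time": m["ts"], "outer_src": str(outer),
                         "dst": m["dst"], "proto": m["proto"],
                         "port": int(m["port"])})
    return hits

# Constructed WAN-side capture, modelled on the dump in the message.
# 203.0.113.10 is a documentation address standing in for the masked NAT address.
SAMPLE_WAN = """\
11:43:25.741672 IP 203.0.113.10.55677 > 208.67.220.220.53: 1319+ A? ya.ru. (23)
11:43:25.796700 IP 172.16.129.18 > 208.67.220.220: ICMP 203.0.113.10 udp port 55677 unreachable, length 36
11:43:26.101200 IP 203.0.113.10 > 208.67.220.220: ICMP 203.0.113.10 udp port 55678 unreachable, length 36
""".splitlines()

if __name__ == "__main__":
    for hit in find_untranslated(SAMPLE_WAN, "203.0.113.10"):
        print("untranslated outer source:", hit)
```

The third sample line is the correctly translated form (outer source equals the NAT address) and is not reported.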