Date: Sat, 24 May 2008 14:18:54 -0700 (PDT)
From: Kian Mohageri <kian.mohageri@gmail.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: kian@restek.wwu.edu
Subject: kern/123965: tcpdump does not see outgoing RST when pf is enabled
Message-ID: <200805242118.m4OLIskF082607@alvis.restek.wwu.edu>
Resent-Message-ID: <200805242150.m4OLo2M6037684@freefall.freebsd.org>

>Number:         123965
>Category:       kern
>Synopsis:       tcpdump does not see outgoing RST when pf is enabled
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat May 24 21:50:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Kian Mohageri
>Release:        FreeBSD 7.0-RELEASE i386
>Organization:
>Environment:
System: FreeBSD alvis.restek.wwu.edu 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Mar 1 17:41:33 PST 2008 root@alvis.restek.wwu.edu:/usr/obj/usr/src/sys/GENERIC i386

>Description:
When pf is enabled, block-policy is 'return', and a packet is blocked, pf sends a RST but tcpdump never sees it.

>How-To-Repeat:
- Enable pf with 'set block-policy return' and rules to deny traffic
- Start tcpdump on your FreeBSD 7 host
- Try to connect to FreeBSD 7 host from somewhere (that will be rejected)
- Notice that tcpdump sees the incoming SYN but not the outgoing RST
- Disable pf and try again
- Notice that tcpdump correctly sees both the SYN and the RST

In both cases, the RST *is* originating from the FreeBSD 7 host - that can be verified by tcpdumping on intermediate routers/firewalls.

If it's at all helpful information, a FreeBSD 6.3 host sees the SYN/RST in both cases.

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
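
The cross-check described under How-To-Repeat (a capture taken on the host compared with one taken on an intermediate router), as an added Python example that is not part of the original report. It assumes `tcpdump -n` text output in the "Flags [..]" style; the function names, sample lines and addresses are constructed for illustration.

```python
import re

# One IPv4 TCP line of `tcpdump -n` text output, "Flags [..]" style (assumed format).
LINE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]+)\]"
)

def syns_and_resets(lines):
    """Return (SYN flows, SYN flows answered by a RST) for one capture."""
    syns, resets = set(), set()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an IPv4 TCP line in the assumed format
        src, sport, dst, dport, flags = m.groups()
        if "S" in flags and "." not in flags:   # bare SYN, not SYN-ACK
            syns.add((src, int(sport), dst, int(dport)))
        elif "R" in flags:
            # The RST travels host -> client; key it by the SYN's direction.
            resets.add((dst, int(dport), src, int(sport)))
    return syns, syns & resets

def missing_rsts(host_lines, upstream_lines):
    """Flows whose RST the upstream capture saw but the host capture did not."""
    host_syns, host_reset = syns_and_resets(host_lines)
    _, upstream_reset = syns_and_resets(upstream_lines)
    return (upstream_reset & host_syns) - host_reset

# Constructed sample captures (documentation addresses, not from the report).
HOST_CAPTURE = [
    "21:18:54.000001 IP 192.0.2.10.51234 > 198.51.100.5.22: Flags [S], seq 1000, win 65535, length 0",
    "21:19:02.000001 IP 192.0.2.10.51300 > 198.51.100.5.8080: Flags [S], seq 2000, win 65535, length 0",
    "21:19:02.000090 IP 198.51.100.5.8080 > 192.0.2.10.51300: Flags [R.], seq 0, ack 2001, win 0, length 0",
]
UPSTREAM_CAPTURE = [
    "21:18:54.000050 IP 192.0.2.10.51234 > 198.51.100.5.22: Flags [S], seq 1000, win 65535, length 0",
    "21:18:54.000210 IP 198.51.100.5.22 > 192.0.2.10.51234: Flags [R.], seq 0, ack 1001, win 0, length 0",
    "21:19:02.000040 IP 192.0.2.10.51300 > 198.51.100.5.8080: Flags [S], seq 2000, win 65535, length 0",
    "21:19:02.000190 IP 198.51.100.5.8080 > 192.0.2.10.51300: Flags [R.], seq 0, ack 2001, win 0, length 0",
]

if __name__ == "__main__":
    for flow in sorted(missing_rsts(HOST_CAPTURE, UPSTREAM_CAPTURE)):
        print("RST seen upstream but not on host: %s:%d -> %s:%d" % flow)
```

A non-empty result means the host-side capture is missing RSTs that reached the wire, so reject activity should be confirmed from the upstream capture rather than from the host alone.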