Message-Id: <1205507524.58195@homebase.tcbug.org>
Date: Fri, 14 Mar 2008 10:12:04 -0500
From: "Josh Paetzel"
To: "FreeBSD gnats submit"
Subject: kern/121704: PF mangles loopback packets

>Number:         121704
>Category:       kern
>Synopsis:       PF mangles loopback packets
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 14 15:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Josh Paetzel
>Release:        FreeBSD 6.3-RELEASE i386
>Organization:
>Environment:
System: FreeBSD 6.3-RELEASE #1: Mon Feb 11 03:00:24 UTC 2008 jpaetzel@homebase.tcbug.org:/usr/obj/usr/src/sys/HOMEBASE

>Description:
PF appears to mangle packets on the loopback, even with pass all rules

>How-To-Repeat:
simple pf.conf

    pass in all keep state
    pass out all keep state

root@homebase /home/jpaetzel ->cat echoserver.py
#!/usr/bin/env python

"""
A simple echo server
"""

import socket

host = ''
port = 50000
backlog = 5
size = 1024
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((host,port))
s.listen(backlog)
while 1:
    client, address = s.accept()
    data = client.recv(size)
    if data:
        client.send(data)
    client.close()

*********************************************8

root@homebase /home/jpaetzel ->cat echoclient.py
#!/usr/bin/env python

"""
A simple echo client
"""

import socket , time

host = '127.0.0.2'
port = 50000
size = 1024
loop = 1
while 1:
    loop += 1
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host,port))
    s.send('Hello, world')
    data = s.recv(size)
    s.close()
    print '#', loop, 'received:', data, time.ctime()

Bring up echoserver.py on 127.0.0.2 (in a jail works), start echoclient.py
on another loopback IP in the host environment or another jail and watch it
go boom. Disabling pf or set skip on lo0 lets it run indefinitely.

>Fix:
set skip on lo0 fixes the problem, unfortunately I need that too.

>Release-Note:
>Audit-Trail:
>Unformatted:
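
An instrumented variant of the reproduction above, added here as an example and not part of the original report: a Python 3 probe that classifies each connect/send/recv cycle (ok, closed, mismatch, timeout, or an errno name), so the first failing iteration and the failure type can be recorded when comparing a ruleset with and without set skip on lo0. The function names, the 2-second timeout and the in-process self_test() server are assumptions of this example.

```python
import collections, errno, socket, threading
PAYLOAD = b"Hello, world"            # same payload as the report's echoclient.py

def serve(listener, stop):
    """Echo one recv() per connection, like the report's echoserver.py."""
    listener.settimeout(0.2)         # wake up regularly to notice `stop`
    while not stop.is_set():
        try:
            client, _ = listener.accept()
        except socket.timeout:
            continue
        with client:
            client.settimeout(2.0)
            try:
                data = client.recv(1024)
                if data:
                    client.sendall(data)
            except OSError:
                pass                 # one broken connection must not stop the server

def probe(host, port, timeout=2.0):
    """One connect/send/recv cycle, classified instead of raising."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(PAYLOAD)
            data = s.recv(1024)
    except socket.timeout:
        return "timeout"             # no reply within `timeout` seconds
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    return "ok" if data == PAYLOAD else ("closed" if not data else "mismatch")

def run(host, port, count, timeout=2.0):
    """Return (Counter of outcomes, first failing iteration or None)."""
    outcomes = [probe(host, port, timeout) for _ in range(count)]
    bad = [i for i, o in enumerate(outcomes, 1) if o != "ok"]
    return collections.Counter(outcomes), (bad[0] if bad else None)

def self_test(count=50):
    """Probe an in-process echo server on an ephemeral 127.0.0.1 port."""
    with socket.create_server(("127.0.0.1", 0)) as listener:
        stop = threading.Event()
        worker = threading.Thread(target=serve, args=(listener, stop), daemon=True)
        worker.start()
        try:
            return run("127.0.0.1", listener.getsockname()[1], count)
        finally:
            stop.set()
            worker.join()
```

For the setup in the report, call run('127.0.0.2', 50000, n) from the host or another jail while the report's echoserver.py is listening.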