From owner-freebsd-pf@FreeBSD.ORG Sat Aug 31 19:49:54 2013 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 1B8544C4; Sat, 31 Aug 2013 19:49:54 +0000 (UTC) (envelope-from tdb@carrick.bishnet.net) Received: from carrick.bishnet.net (carrick-mx.bishnet.net [IPv6:2a01:348:132:51::14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id D30802199; Sat, 31 Aug 2013 19:49:53 +0000 (UTC) Received: from carrick-users.bishnet.net ([2a01:348:132:51::10]) by carrick.bishnet.net with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1 (FreeBSD)) (envelope-from ) id 1VFrB9-000El4-WB; Sat, 31 Aug 2013 20:49:52 +0100 Received: (from tdb@localhost) by carrick-users.bishnet.net (8.14.7/8.14.7/Submit) id r7VJnprS056733; Sat, 31 Aug 2013 20:49:51 +0100 (BST) (envelope-from tdb) Date: Sat, 31 Aug 2013 20:49:51 +0100 From: Tim Bishop To: freebsd-stable@FreeBSD.org, freebsd-pf@FreeBSD.org Subject: Stiil a regression with jails/IPv6/pf? Message-ID: <20130831194951.GC44979@carrick-users.bishnet.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="jRHKVT23PllUwdXP" Content-Disposition: inline X-PGP-Key: 0x6C226B37FDF38D55, http://www.bishnet.net/tim/tim-bishnet-net.asc X-PGP-Fingerprint: 4BD9 5F90 8A50 40E8 D26C D681 6C22 6B37 FDF3 8D55 User-Agent: Mutt/1.5.21 (2010-09-15) Cc: bz@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Aug 2013 19:49:54 -0000 --jRHKVT23PllUwdXP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi all, This is regarding kern/170070 and these two threads from last year: http://lists.freebsd.org/pipermail/freebsd-stable/2012-July/068987.html http://lists.freebsd.org/pipermail/freebsd-stable/2012-August/069043.html I'm running stable/9 r255017 and I'm seeing the same issue, even with the fix Bjoern committed in r238876. My setup is a dual stack one (IPv6 is done through an IPv4 tunnel) and the problem is only with IPv6. I have jails with both IPv4 and IPv6 addresses, and I use pf to rdr certain ports to certain jails. With IPv6 I'm seeing failed checksums on the packets coming back out of my system, both with UDP and TCP. If I connect over IPv6 to the jail host it works fine. If I connect over IPv6 to a jail directly (they have routable addresses, but I prefer them to all be masked behind the single jail host normally), it works fine. So the only failure case is when it goes through a rdr rule in pf. This system replaces a previous one running stable/8 which worked fine with the same pf config file. Has anyone got any suggestions on what I can do to fix this or to debug it further? Thanks, Tim. --=20 Tim Bishop http://www.bishnet.net/tim/ PGP Key: 0x6C226B37FDF38D55 --jRHKVT23PllUwdXP Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (FreeBSD) iQIcBAEBCgAGBQJSIkjfAAoJEGwiazf9841V/0EP/3FswICXwY8PbrlrNd+IUQkO I9nfgGJOl7M9ET7vT7w1OY8WnH8/LFl/Tqy45DJdkQQZd3ZgEx93MPWCR7ItCIqV pjz3Fn+GVkBlOtJ0oro//X01mUy0j5MvFqbaUEnnPU47ohaJPi7++kRQz9quW++j sncs9EYlO4M9I13/TUJbfF5nthxv7UN6qM0lUIX52Gl4qN1VIV576fy/kMdjC+Z/ 8l4D7bmWirljmISD0LrQsc3pqV66Up9huuxYR/ofiZb/oUFCIzEYuutjYyCcOyRI k47nMWLFxLgjQiPpWv53mMZX6KUzI4sfQHULQkekFt6UDe4D2WPZafMS16DgrG4j yBjQvceqiX30lkZNC/CzAQoPZoh39xATeYMonuCsW+rLjb5EqZvyhAObVKC+j45q 8EySdAgkogz4gyqp+M+flfUkc6G2RteE2oz1UZjXH7KakEaOdDG4SWtjotrpO+m+ M1R4vZfO6ZbBNA3ilywjx+f/oGTyIkRSPo87aN66S7RQxpAfrA6oyzhWyPfLkl3a KDsM3/tUMreexEqnbCKsSx3m7WAAnEQEPW5Hecg8eo3SlkkgvMGYEn9mpLBcGxl1 Q7C+q6oSuRyNVOvleTyLOQj5rw7LF2NzwXSNb27/VaUinc8UeylAqfL38ZBRrV4l x/o5uH+QSrd0RPOTI0NW =Ogos -----END PGP SIGNATURE----- --jRHKVT23PllUwdXP--