From: Marek Zarychta
To: Kristof Provost
Cc: freebsd-pf@freebsd.org
Date: Mon, 9 Jan 2017 18:25:19 +0100
Subject: Re: udp - weird behavior of reply-to
Message-ID: <20170109172519.GA62580@plan-b.pwste.edu.pl>
References: <20170108145532.GA17695@plan-b.pwste.edu.pl>

On Sun, Jan 08, 2017 at 07:08:10PM +0100, Kristof Provost wrote:
> On 8 Jan 2017, at 15:55, Marek Zarychta wrote:
> The problem description doesn’t ring any bells with me, but I’m also not sure
> I’ve fully understood it. Can you document a minimal reproduction scenario,
> with a pf.conf and perhaps network captures documenting the problem?
>
> There’s certainly not been a conscious decision to break UDP reply-to.
>

Let me apologize, the problem wasn't previously properly identified. It
seems to be more a problem of the UDP protocol implementation than a PF issue.

UDP sockets are opened and bound to the address of the outgoing interface
(the interface which has a route to the client). Because the socket is not
bound to the incoming interface, the PF reply-to rules couldn't be
evaluated. By the way, TCP sockets are bound to the interface where the
traffic arrives and everything works fine.

This machine is i386 running 11.0-STABLE r311772.

The problem remains unresolved. Are there any corresponding sysctls
correcting this behavior and enabling the opportunity to use the PF-assisted
symmetric routing scenario again?

-- 
Marek Zarychta