Date:      Fri, 14 Jul 2023 11:34:41 +0000
From:      bugzilla-noreply@freebsd.org
To:        pf@FreeBSD.org
Subject:   [Bug 260867] [pf][patch] divert-to packets infinitely loop when written back to divert socket
Message-ID:  <bug-260867-16861-76eZujxbmG@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-260867-16861@https.bugs.freebsd.org/bugzilla/>
References:  <bug-260867-16861@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260867

Alfa <burak.sn@outlook.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |net@FreeBSD.org

--- Comment #3 from Alfa <burak.sn@outlook.com> ---
(In reply to Alfa from comment #2)

Hi, I have the same infinite loop problem. I have tried the PF divert rules
given below on FreeBSD versions from 11.0 to 14.0-CURRENT. There is the same
problem with all versions. It seems to me no work has been done to fix pf
divert. By the way, I am currently using both IPFW and PF at the same time; I
use IPFW for DIVERT, but I am trying to move to FreeBSD 14.0 to work with only
PF. But this DIVERT is not working on FreeBSD 14.0-CURRENT pf, so I couldn't
give up IPFW's DIVERT.
I have attached a code above the attachment and I have tried all available
codes on the internet.

LAN =igb1

pass in quick on igb1 proto udp from any to port { 53 } divert-to 127.0.0.1 port 3355

# I have found this rule (pass out quick on igb1 inet proto udp from any to
port 53 flags S/SA keep state divert-reply) from Google but I got this error:
/etc/pf.conf:83: divert-reply has no meaning in FreeBSD pf(4)
pfctl: Syntax error in config file: pf rules not loaded


FreeBSD 14.0-CURRENT pf.conf(5) man page

     divert-to <host> port <port>
           Used to redirect packets to a local socket bound to host and port.
           The packets will not be modified, so getsockname(2) on the socket
           will return the original destination address of the packet.

     divert-reply
           Used to receive replies for sockets that are bound to addresses
           which are not local to the machine.  See setsockopt(2) for
           information on how to bind these sockets.
