From owner-freebsd-pf@FreeBSD.ORG Fri Nov 14 10:34:51 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2D0CAC05; Fri, 14 Nov 2014 10:34:51 +0000 (UTC) Received: from olymp.kibab.com (olymp6.kibab.com [IPv6:2a01:4f8:160:84c1::2]) by mx1.freebsd.org (Postfix) with ESMTP id 8BE92128; Fri, 14 Nov 2014 10:34:49 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.8.3 olymp.kibab.com 1098B7590E DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=bakulin.de; s=default; t=1415961281; bh=9ywG89bEtG9dy5MvPGVU6+4GIYu7pNTWcZyeJDf8YgY=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=LZTjEbqeBBD3/VyIOjBSTJajq2keMz6gw3UdxARyGYJ/dXl9e418skybt1HllXnPF SvRKOgEa8C7fX/4RrbtoTeOIV+shq4P+L1wsKNoJY5YklU/7CJbYArrWNKthyOKQzg U6hXfUZQdBKn+v0zBcjFUPCUrb0lGsa4dnozQMxk= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Fri, 14 Nov 2014 11:34:40 +0100 From: Ilya Bakulin To: =?UTF-8?Q?Ermal_Lu=C3=A7i?= Subject: Re: [Bug 172648] [pf] [ip6]: 'scrub reassemble tcp' breaks IPv6 packet checksum on SYN ACK Organization: Deglitch Networks In-Reply-To: References: Message-ID: <48fa06babb4c371b69c8e3bb2a3e1cd3@mail.bakulin.de> X-Sender: ilya@bakulin.de Cc: owner-freebsd-pf@freebsd.org, bugzilla-noreply@freebsd.org, freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Nov 2014 10:34:51 -0000 Hi Ermal, unfortunately your inline patch seems to be broken, actually it is a patch for patch??? Please send a correct copy. On 2014-11-10 09:46, Ermal Luçi wrote: > Give this patch inline a try: > > --- a/patches/releng/10.1/pf_reply-to.enahnce.diff > +++ b/patches/releng/10.1/pf_reply-to.enahnce.diff > @@ -1,8 +1,33 @@ > +diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c > +index 837b617..b6c37a9 100644 > +--- a/sys/netinet6/ip6_output.c > ++++ b/sys/netinet6/ip6_output.c > +@@ -185,7 +185,7 @@ static int copypktopts(struct ip6_pktopts *, > struct ip6_pktopts *, int); > + }\ > + } while (/*CONSTCOND*/ 0) > + > +-static void > ++void > + in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset) > + { > + u_short csum; > +diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h > +index 70e487e..0d72b37 100644 > +--- a/sys/netinet6/ip6_var.h > ++++ b/sys/netinet6/ip6_var.h > +@@ -445,6 +445,7 @@ int rip6_usrreq(struct socket *, > + int dest6_input(struct mbuf **, int *, int); > + int none_input(struct mbuf **, int *, int); > + > ++void in6_delayed_cksum(struct mbuf *, uint32_t, u_short); > + int in6_selectsrc(struct sockaddr_in6 *, struct ip6_pktopts *, > + struct inpcb *inp, struct route_in6 *, struct ucred *cred, > + struct ifnet **, struct in6_addr *); > diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c > -index 6bc7ce6..2ceaf0e 100644 > +index a76d06e..257fae2 100644 > --- a/sys/netpfil/pf/pf.c > +++ b/sys/netpfil/pf/pf.c > -@@ -343,11 +343,9 @@ do { \ > +@@ -335,11 +335,9 @@ do { \ > } \ > if ((d) == PF_OUT && \ > (((s)->rule.ptr->rt == PF_ROUTETO && \ > @@ -17,7 +42,7 @@ index 6bc7ce6..2ceaf0e 100644 > return (PF_PASS); \ > } while (0) > > -@@ -5888,7 +5886,12 @@ pf_route(struct mbuf **m, struct pf_rule *r, > int dir, struct ifnet *oifp, > +@@ -5646,7 +5644,12 @@ pf_route(struct mbuf **m, struct pf_rule *r, > int dir, struct ifnet *oifp, > else if (r->rt == PF_ROUTETO && r->direction == dir && > in_localip(ip->ip_dst)) > return; > > @@ -31,7 +56,7 @@ index 6bc7ce6..2ceaf0e 100644 > if (in_broadcast(ip->ip_dst, oifp)) /* XXX: LOCKING of address > list?! */ > return; > > -@@ -6127,7 +6130,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r, > int dir, struct ifnet *oifp, > +@@ -5885,7 +5888,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r, > int dir, struct ifnet *oifp, > } else if (r->rt == PF_ROUTETO && r->direction == dir && > in6_localaddr(&ip6->ip6_dst)) > return; > > @@ -45,3 +70,31 @@ index 6bc7ce6..2ceaf0e 100644 > > if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL && > r->direction == PF_OUT && r->direction == dir && > pd->pf_mtag->routed < 2) { > +diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c > +index dbd92f9..621a4f5 100644 > +--- a/sys/netpfil/pf/pf_ioctl.c > ++++ b/sys/netpfil/pf/pf_ioctl.c > +@@ -72,6 +72,7 @@ __FBSDID("$FreeBSD$"); > + #include > + #include > + #include > ++#include > + #include > + > + #ifdef INET6 > +@@ -3690,12 +3691,9 @@ pf_check6_out(void *arg, struct mbuf **m, > struct ifnet *ifp, int dir, > + int chk; > + > + /* We need a proper CSUM before we start (s. OpenBSD ip_output) */ > +- if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { > +-#ifdef INET > +- /* XXX-BZ copy&paste error from r126261? */ > +- in_delayed_cksum(*m); > +-#endif > +- (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; > ++ if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) { > ++ in6_delayed_cksum(*m, (*m)->m_pkthdr.len - sizeof(struct ip6_hdr), > sizeof(struct ip6_hdr)); > ++ (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; > + } > + CURVNET_SET(ifp->if_vnet); > + chk = pf_test6(PF_OUT, ifp, m, inp); > > > On Wed, Nov 5, 2014 at 3:29 PM, wrote: > >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=172648 >> >> Kurt Jaeger changed: >> >> What |Removed |Added >> >> ---------------------------------------------------------------------------- >> CC| |pi@FreeBSD.org >> >> --- Comment #3 from Kurt Jaeger --- >> See >> >> https://lists.freebsd.org/pipermail/freebsd-net/2014-November/040319.html >> >> -- >> You are receiving this mail because: >> You are the assignee for the bug. >> _______________________________________________ >> freebsd-pf@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >>