Date: Sat, 24 Aug 2024 08:25:05 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Message-ID: <bug-280701-7501-yw9LKMXl2M@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-280701-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-280701-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #52 from Dr. Uwe Meyer-Gruhl <freebsd_email@congenio.de> --- If you do not understand and / or believe what is left broken, read the rep= orts of how ND fails even after applying the patches contained here. If you want to construct a test setup to cover this, try directing the following command from another machine to a potentially affected FreeBSD machine and look at the results: while : do ndisc6 -m -n -r 1 fe80::1111:2222:3333:4444 eth0 done Of course, fill in the target's EUI-64 instead of 1111:2222:3333:4444 and u= se the correct interface instead of eth0. You will find that even after the current commits, a machine with the SA applied does not always respond in due time to these requests and the reque= sts time out, whereas a machine without the SA always answers correctly. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-280701-7501-yw9LKMXl2M>