Date: Sun, 21 Nov 2021 07:52:43 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 259879] enabling PF blocks multicast/igmp sendto
Message-ID: <bug-259879-227-0uI5QibrAU@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-259879-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259879

--- Comment #9 from Johan Ström <johan@stromnet.se> ---
TEST CASE:
block return log on $if all

flushing state and starting socat. Logs on pflog0:

07:50:32.756386 rule 0/0(match): block out on vtnet0: (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    172.28.6.15 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 239.255.0.100 to_ex, 0 source(s)]

And nothing on vtnet0.

TEST CASE:
block return log on $if all
pass log on $if inet proto igmp allow-opts

flushing state and starting socat, logs:

07:44:57.756384 rule 2/0(match): pass out on vtnet0: (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    172.28.6.15 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 239.255.0.100 to_ex, 0 source(s)]

and expected igmp on vnet0. pf rule Packet counter is incremented.

Tested:
block return log on $if all
pass log on $if inet proto

flushing state and starting socat, logs

07:46:55.356406 rule 2/8(ip-option): pass out on vtnet0: (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    172.28.6.15 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 239.255.0.100 to_ex, 0 source(s)]

Nothing on vtnet0. pf rule Packet counter is NOT incremented (only Evaluated).

So, from a pflog perspective it seems the rule is matched, but from counter and actual traffic perspective, not matched.

-- 
You are receiving this mail because:
You are the assignee for the bug.
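
The mismatch reported in this comment can be picked out of pflog output mechanically. The following is an added example, not part of the original message or of FreeBSD's code: it parses the header tcpdump prints for pflog0 and lists entries logged as `pass` whose reason is not `match`. The function names are hypothetical and the sample lines are constructed from the three log headers quoted above, truncated after the interface name.

```python
import re

# Constructed sample: the three pflog0 header lines quoted in the comment,
# cut off after the first decoded fields (the packet decode is not needed here).
SAMPLE = """\
07:50:32.756386 rule 0/0(match): block out on vtnet0: (tos 0xc0, ttl 1, ...
07:44:57.756384 rule 2/0(match): pass out on vtnet0: (tos 0xc0, ttl 1, ...
07:46:55.356406 rule 2/8(ip-option): pass out on vtnet0: (tos 0xc0, ttl 1, ...
"""

# Header layout: "<time> rule <nr>/<reason-nr>(<reason>): <action> <dir> on <ifname>:"
PFLOG_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+) rule (?P<rule>[^/\s]+)/(?P<code>\d+)"
    r"\((?P<reason>[^)]+)\): (?P<action>\S+) (?P<dir>in|out) on (?P<ifname>[^:\s]+):"
)

def parse_pflog(text):
    """Return one dict per recognisable pflog header line; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = PFLOG_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def misleading_passes(entries):
    """Entries logged as 'pass' whose reason is not 'match'.

    In the third test case above such a line (reason 'ip-option') went with
    no packet on vtnet0 and no Packets counter increment on the rule.
    """
    return [e for e in entries if e["action"] == "pass" and e["reason"] != "match"]

if __name__ == "__main__":
    for e in misleading_passes(parse_pflog(SAMPLE)):
        print(f"{e['time']} rule {e['rule']}: logged pass, reason {e['reason']} "
              f"-> compare with the rule's allow-opts setting and Packets counter")
```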
