Date: Sat, 5 Sep 2015 23:21:51 -0400 From: Kristof Provost <kp@FreeBSD.org> To: Niels <niels@netbox.org> Cc: Markus Gebert <markus.gebert@hostpoint.ch>, freebsd-pf@freebsd.org Subject: Re: Near-term pf plans Message-ID: <AEE6F5EC-6A6B-4E85-B7E8-8FC1DC22BB54@FreeBSD.org> In-Reply-To: <D5D97B4D-6360-4762-B38B-53BCC0377A5C@netbox.org> References: <20150823150957.GK48727@vega.codepro.be> <3121D8E4-A27E-475B-9771-C09347D1D793@hostpoint.ch> <1DDBFAD5-9AFB-4A21-8D16-BD85AB30F448@FreeBSD.org> <D5D97B4D-6360-4762-B38B-53BCC0377A5C@netbox.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 05 Sep 2015, at 23:17, Niels <niels@netbox.org> wrote: >=20 >=20 >> On 24 Aug 2015, at 18:16, Kristof Provost <kp@FreeBSD.org> wrote: >>=20 >>>> - PR 202351 >>>> This is a panic after ip6 reassembly in pf. We set the rcvif to = NULL >>>> when refragmenting. That seems to go OK execpt when we're = refragmenting >>>> broadcast/multicast packets in the forwarding path. It's not at all >>>> clear to me how that could happen. >>>=20 >>> if_bridge wants to forward ipv6 multicasts. pf refragmentation code = tries to send out the resulting packets using ip6_forward() which does = not handle multicasts, drops the packet and tries to log that fact, = which causes the panic. >>>=20 >>> I=E2=80=99ve updated the PR with some more thoughts about this. >>>=20 >> Yes, I saw that pass by earlier. Thanks for that, I think you did a = great analysis. >>=20 >> Unfortunately there are other issues with pf on bridges. (See PR = 185633 for example) >> I wouldn=E2=80=99t expect the fragmentation and reassembly to work at = all in that scenario. >>=20 >> I=E2=80=99ll see what I can do about at least fixing the panic in the = short term. >> Even if the reassembly/refragmentation doesn=E2=80=99t work (on = bridges) we should at least no panic. >>=20 >> Regards, >> Kristof >=20 > Is this just the very same issue I see after upgrading to i386 = releng/10.2 on my pf/bridge/ip6 router? >=20 > It has a bunch of interfaces bridged on the lan, and an mpd/ng = interface with IP6 default route over it. Right after booting it crashes = with Yes. There=E2=80=99s a fix on current as of r287376. Regards, Kristof=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AEE6F5EC-6A6B-4E85-B7E8-8FC1DC22BB54>