Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 5 Sep 2015 23:21:51 -0400
From:      Kristof Provost <kp@FreeBSD.org>
To:        Niels <niels@netbox.org>
Cc:        Markus Gebert <markus.gebert@hostpoint.ch>, freebsd-pf@freebsd.org
Subject:   Re: Near-term pf plans
Message-ID:  <AEE6F5EC-6A6B-4E85-B7E8-8FC1DC22BB54@FreeBSD.org>
In-Reply-To: <D5D97B4D-6360-4762-B38B-53BCC0377A5C@netbox.org>
References:  <20150823150957.GK48727@vega.codepro.be> <3121D8E4-A27E-475B-9771-C09347D1D793@hostpoint.ch> <1DDBFAD5-9AFB-4A21-8D16-BD85AB30F448@FreeBSD.org> <D5D97B4D-6360-4762-B38B-53BCC0377A5C@netbox.org>
index | next in thread | previous in thread | raw e-mail 


> On 05 Sep 2015, at 23:17, Niels <niels@netbox.org> wrote:
> 
> 
>> On 24 Aug 2015, at 18:16, Kristof Provost <kp@FreeBSD.org> wrote:
>> 
>>>> - PR 202351
>>>> This is a panic after ip6 reassembly in pf. We set the rcvif to NULL
>>>> when refragmenting. That seems to go OK execpt when we're refragmenting
>>>> broadcast/multicast packets in the forwarding path. It's not at all
>>>> clear to me how that could happen.
>>> 
>>> if_bridge wants to forward ipv6 multicasts. pf refragmentation code tries to send out the resulting packets using ip6_forward() which does not handle multicasts, drops the packet and tries to log that fact, which causes the panic.
>>> 
>>> I’ve updated the PR with some more thoughts about this.
>>> 
>> Yes, I saw that pass by earlier. Thanks for that, I think you did a great analysis.
>> 
>> Unfortunately there are other issues with pf on bridges. (See PR 185633 for example)
>> I wouldn’t expect the fragmentation and reassembly to work at all in that scenario.
>> 
>> I’ll see what I can do about at least fixing the panic in the short term.
>> Even if the reassembly/refragmentation doesn’t work (on bridges) we should at least no panic.
>> 
>> Regards,
>> Kristof
> 
> Is this just the very same issue I see after upgrading to i386 releng/10.2 on my pf/bridge/ip6 router?
> 
> It has a bunch of interfaces bridged on the lan, and an mpd/ng interface with IP6 default route over it. Right after booting it crashes with
Yes. There’s a fix on current as of r287376.

Regards,
Kristof
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AEE6F5EC-6A6B-4E85-B7E8-8FC1DC22BB54>