Date:      Mon, 29 Feb 2016 18:52:43 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 207598] pf adds icmp unreach somehow
Message-ID:  <bug-207598-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207598

            Bug ID: 207598
           Summary: pf adds icmp unreach somehow
           Product: Base System
           Version: 10.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: emz@norma.perm.ru

FreeBSD:

FreeBSD moscow-alpha 10.2-STABLE FreeBSD 10.2-STABLE #0 r286954: Fri Aug 21
08:33:14 MSK 2015     emz@moscow-alpha:/usr/obj/usr/src/sys/MOSCOW  amd64

Network scheme:

(FreeBSD A) <---(gre inside ipsec)---> (FreeBSD B) <---gre inside ipsec---> (FreeBSD C)

(uname taken from B)

Issue:

PF is on
A pings B with icmp packets < gre MTU = everything is OK
A pings C with icmp packets < gre MTU = everything is OK

A pings B with icmp packets > gre MTU = everything is OK
A pings C with icmp packets > gre MTU = got two answers, a normal ICMP reply
from C, and an ICMP unreach from B:

[emz@big-cherkiz5-1:~]# ping -s 4096 192.168.7.127
PING 192.168.7.127 (192.168.7.127): 4096 data bytes
36 bytes from 172.16.5.214: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 055c a28a   0 0000  40  01 3908 172.16.5.215  192.168.7.127

4104 bytes from 192.168.7.127: icmp_seq=0 ttl=61 time=62.119 ms
^C
--- 192.168.7.127 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 62.119/62.119/62.119/0.000 ms

Workaround: disable pf on B. With pf disabled on B, the situation resolves back to
normal.
The issue was first seen somewhere on 10-STABLE, didn't resolve so far. I've
talked with tough guys, like ae@, he told me to report it, since it cannot be
explained by configuration errors.
