From owner-freebsd-net@freebsd.org Tue Jul 7 12:33:24 2015 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 101B4995290 for ; Tue, 7 Jul 2015 12:33:24 +0000 (UTC) (envelope-from kp@vega.codepro.be) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C549D1D46 for ; Tue, 7 Jul 2015 12:33:23 +0000 (UTC) (envelope-from kp@vega.codepro.be) Received: from vega.codepro.be (unknown [172.16.1.3]) by venus.codepro.be (Postfix) with ESMTP id C3EFD9BE6; Tue, 7 Jul 2015 14:33:20 +0200 (CEST) Received: by vega.codepro.be (Postfix, from userid 1001) id B6BBC7B72; Tue, 7 Jul 2015 14:33:20 +0200 (CEST) Date: Tue, 7 Jul 2015 14:33:20 +0200 From: Kristof Provost To: technical account Cc: freebsd-net@freebsd.org Subject: Re: FreeBSD 9.3: Looks like a bug in pf NAT while translating ICMP packets of type 3 Message-ID: <20150707123320.GF3135@vega.codepro.be> References: <559BC04F.70107@at-hacker.in> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <559BC04F.70107@at-hacker.in> X-Checked-By-NSA: Probably User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jul 2015 12:33:24 -0000 On 2015-07-07 15:04:31 (+0300), technical account wrote: > I have an issue with pf in FreeBSD 9.3. Looks there is something wrong > with pf's NAT while processing ICMP packets of type 3 (destination > unreachable). > Can you check if this also happens on CURRENT? If so, please create a bug on bugs.freebsd.org/bugzilla and cc me (kp@FreeBSD.org). You've already gathered the information required for a good bug report. I'll try to take a look at it when I find some time. Regards, Kristof