From owner-freebsd-pf@FreeBSD.ORG  Thu Jul 31 16:10:02 2008
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 33DBC106566B
	for <freebsd-pf@freebsd.org>; Thu, 31 Jul 2008 16:10:02 +0000 (UTC)
	(envelope-from arved@knut.arved.priv.at)
Received: from knut.arved.priv.at (knut.arved.priv.at [213.9.70.77])
	by mx1.freebsd.org (Postfix) with ESMTP id A3DC58FC24
	for <freebsd-pf@freebsd.org>; Thu, 31 Jul 2008 16:10:01 +0000 (UTC)
	(envelope-from arved@knut.arved.priv.at)
Received: from knut.arved.priv.at (knut.arved.priv.at [213.9.70.77])
	by knut.arved.priv.at (8.14.2/8.14.2) with ESMTP id m6VFZ7cn062792
	for <freebsd-pf@freebsd.org>; Thu, 31 Jul 2008 17:35:12 +0200 (CEST)
	(envelope-from arved@knut.arved.priv.at)
Received: (from arved@localhost)
	by knut.arved.priv.at (8.14.2/8.14.2/Submit) id m6VFZ6uU062791
	for freebsd-pf@freebsd.org; Thu, 31 Jul 2008 17:35:06 +0200 (CEST)
	(envelope-from arved)
Date: Thu, 31 Jul 2008 17:35:06 +0200
From: Tilman Linneweh <arved@arved.at>
To: freebsd-pf@freebsd.org
Message-ID: <20080731153506.GA61317@arved.priv.at>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: pf dropping packets despite pass all rule
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jul 2008 16:10:02 -0000

Hi list,

My setup:

LAN -> Router with PF <- gif tunnel with IPSEC -> Server

The router is running FreeBSD 7.0. Protocol is IPv6. ping6  works, 
but TCPv6 from LAN to Server does not work, unless i disable PF.

Excerpt from pf.conf:
pass in  quick  on gif0 all keep state
pass out quick on gif0 all keep state

pflog0 contains some strange packets:
http://arved.priv.at/~arved/strangepackets.pcap

IPSEC_FILTERTUNNEL does not make a difference.

I don't understand why pf is dropping something on gif0. And i can't decode
what kind of packets these are, and why they are necessary for TCPv6.

Any ideas?

regards
arved