From nobody Mon Jun  6 14:29:13 2022
X-Original-To: net@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 47C541BD858C
	for <net@mlmmj.nyi.freebsd.org>; Mon,  6 Jun 2022 14:29:14 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4LGwpx5Xqpz3qRN
	for <net@FreeBSD.org>; Mon,  6 Jun 2022 14:29:13 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 87A63276F9
	for <net@FreeBSD.org>; Mon,  6 Jun 2022 14:29:13 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 256ETDHu092515
	for <net@FreeBSD.org>; Mon, 6 Jun 2022 14:29:13 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 256ETDHJ092514
	for net@FreeBSD.org; Mon, 6 Jun 2022 14:29:13 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 264193] pf: scrub max-mss rule stops working (but still counts)
 after 13.1-RELEASE upgrade
Date: Mon, 06 Jun 2022 14:29:13 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.0-RELEASE
X-Bugzilla-Keywords: needs-qa, regression
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: kp@freebsd.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: pf@FreeBSD.org
X-Bugzilla-Flags: mfc-stable13? mfc-stable12-
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-264193-7501-2JzBAbOdnW@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-264193-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-264193-7501@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-net
List-Help: <mailto:freebsd-net+help@freebsd.org>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Subscribe: <mailto:freebsd-net+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-net+unsubscribe@freebsd.org>
Sender: owner-freebsd-net@freebsd.org
MIME-Version: 1.0
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1654525753;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=hovU0+RHRbXquFAcUYpRUqGsZNhln9+C4PSJ4M03cSI=;
	b=nnq68H/C1ugr/WPYdV8IA+ZUpXVT+9e+Jq0W5Ujs/NCYrdR0nG14j4G6BaIZdLkLnhyjj5
	xiQpEglvVkKsjshCtQZqmPxYrxKIeAyJVC0j4A5RYHUJMLivf9pE3/N/jeQ0QgalOEiY7j
	RvpxZ79ehDPCLRcN+OqWJj06HZg/5rxgeeRaxxjZrz8hrr7f9qCTIhvlGfHtYjDNMvExcM
	I0yy2llvmKREFr5E1MCG3IRrfdMJu3D6tbYQSe0ij42G1DuGmfCPsqQs3k4brcsIrkK4py
	b39hevwZ/f8KM6YpCso2JpMJbLbsntXMmzCPlYAo6T5umT4UpRMD7HHHavpi3g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1654525753; a=rsa-sha256; cv=none;
	b=OWcXZjwUp4inso0/791gkxME3Dl0YnAn5UcDWglQCcMEg0O20njC8ECyIPlGD3G8xFa64F
	BzlsskfRNwGUzZjucF2yCPaBMJyvJJ2+Pe2N4VBjZ4NoKjmVylqOwVK9HE2BFY68Ucs2oS
	/JWTVe3eMyz65cnCRfb4tAdGtQIyNexzSQX+LSu/8NyHWWySICf5P0jGmqV32/U/8w/HTR
	njrus5/GHO7D3dsFH8+wkKhMzR/Rf2MxFWBin8MXB+Ju1SWPPNiSsLWVIxRf9ucj5Z7DjT
	M6in8VMYs7sC7x1yCDPGRT0zFXZO7eJexpr9ZfaYm3uGY5Y1/u3ig3NzwIHT5A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D264193

--- Comment #7 from Kristof Provost <kp@freebsd.org> ---
(In reply to oleg from comment #6)
Packets can pass through pf multiple times. When forwarding they pass throu=
gh
coming into the network and again on the way out (post-routing), for exampl=
e.

In this case what I'm saying is that the original SYN packet that starts the
connection (and carries the MSS option) passes through pf once, does not hit
the scrub rule, because its going to go out epair0b, is then processed by t=
he
'pass route-to' rule, which it matches and causes it to be sent out through
epair1b. It does not pass through pf a second time, so it does not hit the
scrub rule and does not get its MSS adjusted.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=