From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
Date: Mon, 06 Jun 2022 14:29:13 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.0-RELEASE
X-Bugzilla-Keywords: needs-qa, regression
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: kp@freebsd.org
X-Bugzilla-Status: Open
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: pf@FreeBSD.org
X-Bugzilla-Flags: mfc-stable13? mfc-stable12-
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193

--- Comment #7 from Kristof Provost ---
(In reply to oleg from comment #6)

Packets can pass through pf multiple times. When forwarding they pass through
coming into the network and again on the way out (post-routing), for example.

In this case what I'm saying is that the original SYN packet that starts the
connection (and carries the MSS option) passes through pf once, does not hit
the scrub rule, because it's going to go out epair0b, is then processed by the
'pass route-to' rule, which it matches and causes it to be sent out through
epair1b. It does not pass through pf a second time, so it does not hit the
scrub rule and does not get its MSS adjusted.