Date: Wed, 15 Jan 2014 21:50:00 GMT From: Martin Sugioarto <martin@sugioarto.com> To: freebsd-pf@FreeBSD.org Subject: Re: kern/179392: [pf] [ip6] Incorrect TCP checksums in rdr return packets Message-ID: <201401152150.s0FLo0Uq080545@freefall.freebsd.org>
index | next in thread | raw e-mail
The following reply was made to PR kern/179392; it has been noted by GNATS. From: Martin Sugioarto <martin@sugioarto.com> To: bug-followup@FreeBSD.org, paul@semiocast.com Cc: Subject: Re: kern/179392: [pf] [ip6] Incorrect TCP checksums in rdr return packets Date: Wed, 15 Jan 2014 22:36:53 +0100 Hello FreeBSD team, hello Paul, I would like to confirm this. The original PR says it all. I have also reproduced it on FreeBSD 9.2R. FreeBSD 9.2-RELEASE-p2 #3 r258725 on amd64 The checksum is not updated, tcpdump says it clearly. The packet is being quietly dropped and never arrives at the service listening socket. Here the comparison for two rules for an intercepting HTTP proxy: # works (IPv4) rdr on $if_int inet proto tcp \ from any to !$net_int port www -> 127.0.0.1 port 8118 # incorrect checksum (IPv6) rdr on $if_int inet6 proto tcp \ from any to !$net_int port www -> ::1 port 8118 In my opinion, this is quite important. It costed me a day to find out what is going on and I have come to the same conclusion as Paul (independently). Yours Martin Sugioartohome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401152150.s0FLo0Uq080545>