Date: Wed, 15 Jan 2014 21:50:00 GMT From: Martin Sugioarto <martin@sugioarto.com> To: freebsd-pf@FreeBSD.org Subject: Re: kern/179392: [pf] [ip6] Incorrect TCP checksums in rdr return packets Message-ID: <201401152150.s0FLo0Uq080545@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/179392; it has been noted by GNATS. From: Martin Sugioarto <martin@sugioarto.com> To: bug-followup@FreeBSD.org, paul@semiocast.com Cc: Subject: Re: kern/179392: [pf] [ip6] Incorrect TCP checksums in rdr return packets Date: Wed, 15 Jan 2014 22:36:53 +0100 Hello FreeBSD team, hello Paul, I would like to confirm this. The original PR says it all. I have also reproduced it on FreeBSD 9.2R. FreeBSD 9.2-RELEASE-p2 #3 r258725 on amd64 The checksum is not updated, tcpdump says it clearly. The packet is being quietly dropped and never arrives at the service listening socket. Here the comparison for two rules for an intercepting HTTP proxy: # works (IPv4) rdr on $if_int inet proto tcp \ from any to !$net_int port www -> 127.0.0.1 port 8118 # incorrect checksum (IPv6) rdr on $if_int inet6 proto tcp \ from any to !$net_int port www -> ::1 port 8118 In my opinion, this is quite important. It costed me a day to find out what is going on and I have come to the same conclusion as Paul (independently). Yours Martin Sugioarto
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401152150.s0FLo0Uq080545>