Date: Fri, 01 Aug 2014 13:52:13 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 127920] [pf] ipv6 and synproxy don't play well together Message-ID: <bug-127920-17777-t7soyzWul3@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-127920-17777@https.bugs.freebsd.org/bugzilla/> References: <bug-127920-17777@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127920 vegeta@tuxpowered.net changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vegeta@tuxpowered.net --- Comment #5 from vegeta@tuxpowered.net --- The issue is also present in FreeBSD 10. What happens is that when synproxy code sents a SYN+ACK reply to client's SYN packet, it gets dropped here: sys/netpfil/pf/pf.c: 4153 if ((*state)->src.state == PF_TCPS_PROXY_SRC) { 4154 if (direction != (*state)->direction) { 4155 REASON_SET(reason, PFRES_SYNPROXY); 4156 return (PF_SYNPROXY_DROP); 4157 } I'm a bit surprised why it does not happen for IPv4 though, unless direction is wrong or the IPv4 packet does not match existing state. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-127920-17777-t7soyzWul3>