From owner-freebsd-stable@FreeBSD.ORG Mon Sep 2 10:23:59 2013 Return-Path: Delivered-To: freebsd-stable@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 18EBDA3A; Mon, 2 Sep 2013 10:23:59 +0000 (UTC) (envelope-from ruben@verweg.com) Received: from erg.verweg.com (erg.verweg.com [IPv6:2a02:898:96::5e8e:f508]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 8B3322F92; Mon, 2 Sep 2013 10:23:58 +0000 (UTC) Received: from [192.168.1.202] (helium.xs4all.nl [83.163.52.241]) (authenticated bits=0) by erg.verweg.com (8.14.6/8.14.6) with ESMTP id r82AMCB1060399 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 2 Sep 2013 10:22:16 GMT (envelope-from ruben@verweg.com) X-Authentication-Warning: erg.verweg.com: Host helium.xs4all.nl [83.163.52.241] claimed to be [192.168.1.202] Content-Type: multipart/signed; boundary="Apple-Mail=_36DCE10C-8EC8-471B-A73B-3206B03C788D"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\)) Subject: Re: Stiil a regression with jails/IPv6/pf? From: Ruben van Staveren In-Reply-To: <20130831194951.GC44979@carrick-users.bishnet.net> Date: Mon, 2 Sep 2013 12:22:11 +0200 Message-Id: <8A6CE540-7AF3-4472-B0CC-A222036557C0@verweg.com> References: <20130831194951.GC44979@carrick-users.bishnet.net> To: Tim Bishop X-Mailer: Apple Mail (2.1508) X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (erg.verweg.com [94.142.245.8]); Mon, 02 Sep 2013 10:22:18 +0000 (UTC) Cc: bz@FreeBSD.org, freebsd-stable@FreeBSD.org, freebsd-pf@FreeBSD.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Sep 2013 10:23:59 -0000 --Apple-Mail=_36DCE10C-8EC8-471B-A73B-3206B03C788D Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi, On 31 Aug 2013, at 21:49, Tim Bishop wrote: > Hi all, >=20 > This is regarding kern/170070 and these two threads from last year: >=20 > = http://lists.freebsd.org/pipermail/freebsd-stable/2012-July/068987.html > = http://lists.freebsd.org/pipermail/freebsd-stable/2012-August/069043.html >=20 > I'm running stable/9 r255017 and I'm seeing the same issue, even with > the fix Bjoern committed in r238876. This is still with "modulate state" in some rules that also hit ipv6 = traffic ? It almost looks like doing this kind of traffic alteration is considered = harmful for IPv6 http://forums.freebsd.org/showthread.php?t=3D36595 If that is the case, then this should be applicable only to ipv4 = traffic, without requiring specific knowledge from the user >=20 > My setup is a dual stack one (IPv6 is done through an IPv4 tunnel) and > the problem is only with IPv6. I have jails with both IPv4 and IPv6 > addresses, and I use pf to rdr certain ports to certain jails. With = IPv6 > I'm seeing failed checksums on the packets coming back out of my = system, > both with UDP and TCP. >=20 > If I connect over IPv6 to the jail host it works fine. If I connect = over > IPv6 to a jail directly (they have routable addresses, but I prefer = them > to all be masked behind the single jail host normally), it works fine. > So the only failure case is when it goes through a rdr rule in pf. >=20 > This system replaces a previous one running stable/8 which worked fine > with the same pf config file. >=20 > Has anyone got any suggestions on what I can do to fix this or to = debug > it further? >=20 > Thanks, >=20 > Tim. >=20 > --=20 > Tim Bishop > http://www.bishnet.net/tim/ > PGP Key: 0x6C226B37FDF38D55 >=20 --Apple-Mail=_36DCE10C-8EC8-471B-A73B-3206B03C788D Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iEYEARECAAYFAlIkZtMACgkQZ88+mcQxRw2kTgCeOvKE4byQ2ACgcKOSpiWvrjbE 7sAAnihUaLcLBzVXVqOPLzS8I++i0Mp6 =gZJp -----END PGP SIGNATURE----- --Apple-Mail=_36DCE10C-8EC8-471B-A73B-3206B03C788D--