Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 14 Aug 2024 07:53:05 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute)
Message-ID:  <bug-280701-7501-Z3cEUMV19l@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-280701-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-280701-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701

--- Comment #15 from doktornotor <doktornotor@mailinator.com> ---
(In reply to commit-hook from comment #14)

Unfortunately, that fixes IPv4 but is even more broken with ICMPv6, now even
the first hop (the FreeBSD router) is not shown from machines behind the
router.=20

Windows 11 machine:

> tracert -6 www.google.com

Tracing route to www.google.com [2a00:1450:4014:80a::2004]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     7 ms     7 ms     7 ms  prg03s10-in-x04.1e100.net
[2a00:1450:4014:80a::2004]

Trace complete.

Ubuntu 22 LTS machine:

$ traceroute6 -I www.google.com
traceroute to www.google.com (2a00:1450:4014:80a::2004), 30 hops max, 80 by=
te
packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  prg03s10-in-x04.1e100.net (2a00:1450:4014:80a::2004)  6.992 ms  7.055 m=
s=20
7.051 ms


Directly from the router, it works.=20

# traceroute6 -I www.google.com
traceroute6 to www.google.com (2a00:1450:4014:80a::2004) from 2001:1ae9::xx=
xx,
64 hops max, 20 byte packets
 1  * * *
 2  * * *
 3  2001:af0:f::1da  6.427 ms  6.587 ms *
 4  2001:4860:1:1::1d50  6.787 ms  6.929 ms  6.860 ms
 5  2001:4860:0:1::7ee5  6.873 ms  6.702 ms  6.545 ms
 6  2001:4860:0:1::389b  7.082 ms  6.724 ms  6.658 ms
 7  prg03s10-in-x04.1e100.net  6.766 ms  6.754 ms  6.170 ms


 # mtr -wrn -c 10 -6 www.google.com
Start: 2024-08-14T09:47:37+0200
HOST: gw.localocaldomain         Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- ???                      100.0    10    0.0   0.0   0.0   0.0   0.0
  2.|-- ???                      100.0    10    0.0   0.0   0.0   0.0   0.0
  3.|-- 2001:af0:f::1da          60.0%    10    6.7   7.0   6.7   7.3   0.3
  4.|-- 2001:4860:1:1::1d50       0.0%    10    7.0   7.0   6.6   7.6   0.3
  5.|-- 2001:4860:0:1::7ee5       0.0%    10    7.0   6.9   6.6   7.4   0.3
  6.|-- 2001:4860:0:1::389b       0.0%    10    7.0   7.1   6.6   7.7   0.3
  7.|-- 2a00:1450:4014:80a::2004  0.0%    10    6.7   7.0   6.7   7.3   0.2

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-280701-7501-Z3cEUMV19l>