From owner-freebsd-pf@freebsd.org Mon Aug 29 07:42:32 2016 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A28ACBC7FD9 for ; Mon, 29 Aug 2016 07:42:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 91CD6F8A for ; Mon, 29 Aug 2016 07:42:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u7T7gWe8057610 for ; Mon, 29 Aug 2016 07:42:32 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 185633] [pf] scrubbing bug in transparent mode bug with bigger than MTU UDP packet Date: Mon, 29 Aug 2016 07:42:32 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: olivier@freebsd.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Aug 2016 07:42:32 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D185633 Olivier Cochard changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |olivier@freebsd.org --- Comment #5 from Olivier Cochard --- Let me restart my virtual-lab on -current (same version for all VMs): root@VM2:~ # uname -a FreeBSD 12.0-CURRENT FreeBSD 12.0-CURRENT #0 r304964M: Sun Aug 28 21:49:48 CEST 2016=20=20=20=20 olivier@lame4.bsdrp.net:/usr/obj/BSDRP12.amd64/usr/local/BSDRP/BSDRP12/Free= BSD/src/sys/amd64 amd64 Simple lab diagram: VM 1 (vtnet0)------(vtnet0) VM2 (vtnet1) -------- (vtnet1) VM 3 VM1 setup: sysrc ifconfig_vtnet0=3D"inet 10.0.0.1/24" service netif restart VM 2 setup: sysrc ifconfig_vtnet0=3D"up" sysrc ifconfig_vtnet1=3D"up" sysrc cloned_interfaces=3D"bridge0" sysrc ifconfig_bridge0=3D"addm vtnet0 addm vtnet1 up" sysrc pf_enable=3Dyes cat > /etc/pf.conf < Works with "standard size" (non-fragmented) ICMP ping. root@:~ # ping -c 1 -s 1500 10.0.0.3 PING 10.0.0.3 (10.0.0.3): 1500 data bytes --- 10.0.0.3 ping statistics --- 1 packets transmitted, 0 packets received, 100.0% packet loss =3D> But not with fragmented ICMP A tcpdump on VM2 or VM3 give the same "corrupted" IP packet generated: root@VM2:~ # tcpdump -vv -pnei vtnet1 tcpdump: listening on vtnet1, link-type EN10MB (Ethernet), capture size 262= 144 bytes 09:39:59.656215 20:00:40:01:33:fa > 45:00:05:dc:0d:24, ethertype Unknown (0x0a00), length 1500: 0x0000: 0001 0a00 0003 0800 12d1 b907 0000 57c4 ..............W. 0x0010: 02ef 000a 16c8 0809 0a0b 0c0d 0e0f 1011 ................ 0x0020: 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 ...............! 0x0030: 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 "#$%&'()*+,-./01 0x0040: 3233 3435 3637 3839 3a3b 3c3d 3e3f 4041 23456789:;<=3D>?@A 0x0050: 4243 4445 4647 4849 4a4b 4c4d 4e4f 5051 BCDEFGHIJKLMNOPQ 0x0060: 5253 5455 5657 5859 5a5b 5c5d 5e5f 6061 RSTUVWXYZ[\]^_`a 0x0070: 6263 6465 6667 6869 6a6b 6c6d 6e6f 7071 bcdefghijklmnopq 0x0080: 7273 7475 7677 7879 7a7b 7c7d 7e7f 8081 rstuvwxyz{|}~... 0x0090: 8283 8485 8687 8889 8a8b 8c8d 8e8f 9091 ................ 0x00a0: 9293 9495 9697 9899 9a9b 9c9d 9e9f a0a1 ................ 0x00b0: a2a3 a4a5 a6a7 a8a9 aaab acad aeaf b0b1 ................ 0x00c0: b2b3 b4b5 b6b7 b8b9 babb bcbd bebf c0c1 ................ 0x00d0: c2c3 c4c5 c6c7 c8c9 cacb cccd cecf d0d1 ................ 0x00e0: d2d3 d4d5 d6d7 d8d9 dadb dcdd dedf e0e1 ................ 0x00f0: e2e3 e4e5 e6e7 e8e9 eaeb eced eeef f0f1 ................ 0x0100: f2f3 f4f5 f6f7 f8f9 fafb fcfd feff 0001 ................ 0x0110: 0203 0405 0607 0809 0a0b 0c0d 0e0f 1011 ................ 0x0120: 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 ...............! 0x0130: 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 "#$%&'()*+,-./01 0x0140: 3233 3435 3637 3839 3a3b 3c3d 3e3f 4041 23456789:;<=3D>?@A 0x0150: 4243 4445 4647 4849 4a4b 4c4d 4e4f 5051 BCDEFGHIJKLMNOPQ 0x0160: 5253 5455 5657 5859 5a5b 5c5d 5e5f 6061 RSTUVWXYZ[\]^_`a 0x0170: 6263 6465 6667 6869 6a6b 6c6d 6e6f 7071 bcdefghijklmnopq 0x0180: 7273 7475 7677 7879 7a7b 7c7d 7e7f 8081 rstuvwxyz{|}~... (etc.) If I remove the "scrub" pf feature:=C2=A0There is no more problem. --=20 You are receiving this mail because: You are the assignee for the bug.=