From: Markus Gebert
Date: Mon, 24 Aug 2015 17:33:08 +0200
Subject: Re: Near-term pf plans
To: Kristof Provost
Cc: freebsd-net@freebsd.org, freebsd-pf@freebsd.org
In-Reply-To: <20150823150957.GK48727@vega.codepro.be>
Message-Id: <3121D8E4-A27E-475B-9771-C09347D1D793@hostpoint.ch>

Hi Kristof

> On 23.08.2015, at 17:09, Kristof Provost wrote:
>
> - PR 202351
> This is a panic after ip6 reassembly in pf. We set the rcvif to NULL
> when refragmenting. That seems to go OK except when we're refragmenting
> broadcast/multicast packets in the forwarding path. It's not at all
> clear to me how that could happen.

if_bridge wants to forward ipv6 multicasts. pf refragmentation code tries to send out the resulting packets using ip6_forward() which does not handle multicasts, drops the packet and tries to log that fact, which causes the panic.

I’ve updated the PR with some more thoughts about this.

Markus