From owner-freebsd-bugs@FreeBSD.ORG Fri Mar 23 09:00:12 2007
Return-Path:
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
    by hub.freebsd.org (Postfix) with ESMTP id 67F1016A416
    for ; Fri, 23 Mar 2007 09:00:12 +0000 (UTC)
    (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
    by mx1.freebsd.org (Postfix) with ESMTP id E83FA13C4BE
    for ; Fri, 23 Mar 2007 09:00:11 +0000 (UTC)
    (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
    by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l2N90B8Z006466
    for ; Fri, 23 Mar 2007 09:00:11 GMT
    (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l2N90Bi3006465;
    Fri, 23 Mar 2007 09:00:11 GMT
    (envelope-from gnats)
Resent-Date: Fri, 23 Mar 2007 09:00:11 GMT
Resent-Message-Id: <200703230900.l2N90Bi3006465@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Vladimir V. Kalashnikov"
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
    by hub.freebsd.org (Postfix) with ESMTP id 7DFFD16A402
    for ; Fri, 23 Mar 2007 08:55:04 +0000 (UTC)
    (envelope-from avatar@ksue.edu.ua)
Received: from ksue.edu.ua (ksue.kharkov.ukrtel.net [195.5.57.77])
    by mx1.freebsd.org (Postfix) with ESMTP id 5B4E913C4B0
    for ; Fri, 23 Mar 2007 08:54:41 +0000 (UTC)
    (envelope-from avatar@ksue.edu.ua)
Received: (from root@localhost)
    by ksue.edu.ua (8.11.6p2/8.11.6) id l2N8Dmp80509;
    Fri, 23 Mar 2007 10:13:48 +0200 (EET)
    (envelope-from avatar)
Message-Id: <200703230813.l2N8Dmp80509@ksue.edu.ua>
Date: Fri, 23 Mar 2007 10:13:48 +0200 (EET)
From: "Vladimir V. Kalashnikov"
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc:
Subject: kern/110698: nat rule of pf without "on" clause causes invalid packed chksum
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: "Vladimir V. Kalashnikov"
List-Id: Bug reports
X-List-Received-Date: Fri, 23 Mar 2007 09:00:12 -0000

>Number:         110698
>Category:       kern
>Synopsis:       nat rule of pf without "on" clause causes invalid packed chksum
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 23 09:00:10 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Vladimir V. Kalashnikov
>Release:        FreeBSD 6.2-STABLE #9
>Organization:
Kharkov State University of Economics
>Environment:
System: FreeBSD sprite.local 6.2-STABLE FreeBSD 6.2-STABLE #9: Thu Mar 22 12:30:19 EET 2007

>Description:
Such rule:

    nat from $local_me to ! local -> { ($if1), ($if2) } round-robin

i.e. without corresponding "on iface" clause causes outgoing packets
to have an incorrect checksum.
this behaviour is only applied to packets originated from kernel
(i.e. locally bound sockets). packets that arrive on interfaces and
travel through the system are processed correctly.

it doesn't matter whether "local_me" is specified as a single address
or as a member of "some_table".

i tried multiple configurations and the effect was reproducible
(from FreeBSD v6.1 PRERELEASE up to current RELEASE)

>How-To-Repeat:
pf.conf file with rule:

    table local const { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }
    nat from $local_me to ! local -> ($external_if)
    pass out quick route-to ($external_if $external_peer) from $external_me to !
    # dunno if last rule has effect, but i have multiple outbound
    # interfaces and "floating" default route, so i need symmetric
    # outgoing routing

then to check we run (with effect):

    # tcpdump -v -v -v -l -s 1600 -i vlan0 host f1news.ru
    ###### S, cksum 0xee62 (incorrect (-> 0xfcc5), 3464239052:3464239052(0)
    ###### here the effect ^^^^^^^^^^^^^^^^^^^^^^^
    # telnet f1news.ru 80

and we may run telnet from the local network, everything will go OK

>Fix:
i looked inside /usr/src/sys/contrib/pf/net/pf.c but dunno what to
change here, seems invocation of pf_cksum_fixup() has been forgotten
somewhere

>Release-Note:
>Audit-Trail:
>Unformatted:
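
Added illustration (not part of the original report and not code from pf.c): why a translated packet needs its TCP checksum adjusted, and how the "incorrect" verdict tcpdump prints above arises when it is not. The function names, addresses and SYN bytes are constructed for this example, and the fixup follows RFC 1624 eqn. 3 rather than reproducing pf's own routine.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 1071: one's-complement sum of big-endian 16-bit words, folded to 16 bits. */
static uint16_t inet_sum(const uint8_t *p, size_t len, uint32_t sum) {
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}
/* TCP checksum over pseudo-header and segment; 0 if the stored checksum is correct. */
uint16_t tcp_cksum(const uint8_t *src, const uint8_t *dst, const uint8_t *seg, size_t len) {
    uint32_t sum = inet_sum(dst, 4, inet_sum(src, 4, 0));
    return (uint16_t)~inet_sum(seg, len, sum + 6 + (uint32_t)len);
}
/* RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m') for one changed 16-bit word. */
uint16_t cksum_fixup(uint16_t hc, uint16_t old_w, uint16_t new_w) {
    uint32_t sum = (uint32_t)(uint16_t)~hc + (uint16_t)~old_w + new_w;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
/* Translate the source address; with fixup == 0 the stored checksum goes stale. */
void nat_rewrite_src(uint8_t *src, const uint8_t *nat, uint8_t *seg, int fixup) {
    uint16_t ck = (uint16_t)(seg[16] << 8 | seg[17]);
    for (int i = 0; i < 4; i += 2) {
        if (fixup)
            ck = cksum_fixup(ck, (uint16_t)(src[i] << 8 | src[i + 1]),
                             (uint16_t)(nat[i] << 8 | nat[i + 1]));
        src[i] = nat[i]; src[i + 1] = nat[i + 1];
    }
    seg[16] = (uint8_t)(ck >> 8); seg[17] = (uint8_t)ck;
}
/* Constructed SYN to port 80; returns 1 if it still verifies after translation. */
int syn_verifies_after_nat(int fixup) {
    uint8_t src[4] = {192, 168, 0, 10}, nat[4] = {203, 0, 113, 5}, dst[4] = {198, 51, 100, 80};
    uint8_t syn[20] = {0xc0, 0x01, 0, 80, 0x12, 0x34, 0x56, 0x78, 0, 0, 0, 0,
                       0x50, 0x02, 0xff, 0xff, 0, 0, 0, 0};
    uint16_t ck = tcp_cksum(src, dst, syn, sizeof syn);
    syn[16] = (uint8_t)(ck >> 8); syn[17] = (uint8_t)ck;
    nat_rewrite_src(src, nat, syn, fixup);
    return tcp_cksum(src, dst, syn, sizeof syn) == 0;
}
int main(void) {
    printf("fixup: %d, no fixup: %d\n", syn_verifies_after_nat(1), syn_verifies_after_nat(0));
    return 0;
}
```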