Date: Mon, 13 Jul 2015 11:15:51 +0200 From: Kristof Provost <kp@FreeBSD.org> To: Alexey Pereklad <technical@at-hacker.in> Cc: freebsd-net@freebsd.org Subject: Re: FreeBSD 9.3: Looks like a bug in pf NAT while translating ICMP packets of type 3 Message-ID: <B838004D-739D-432B-AF57-B3BECF2E189B@FreeBSD.org> In-Reply-To: <55A380CF.2030503@at-hacker.in> References: <559BC04F.70107@at-hacker.in> <20150707123320.GF3135@vega.codepro.be> <55A380CF.2030503@at-hacker.in>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks. I’ve added it to my todo list. (No promises about when I’ll have time though.) Regards, Kristof > On 13 Jul 2015, at 11:11, Alexey Pereklad <technical@at-hacker.in> wrote: > > Hi. > > I checked if I can reproduce this issue with -CURRENT. Well, -CURRENT has the same problem. Here is my test lab: > > # uname -a > FreeBSD test-BSD-01.hyperv.local 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r285351: Fri Jul 10 14:49:08 MSK 2015 root@test-BSD-01.hyperv.local:/usr/obj/usr/src/sys/GENERIC amd64 > > Here is dump on LAN interface: > > # tcpdump -npi hn1 host 172.16.129.18 > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on hn1, link-type EN10MB (Ethernet), capture size 262144 bytes > 11:43:25.506775 IP 172.16.129.18.29490 > 208.67.220.220.53: 9125+ A? freebsd.org. (29) > 11:43:25.570851 IP 208.67.220.220.53 > 172.16.129.18.29490: 9125 1/0/0 A 8.8.178.110 (45) > 11:43:25.571635 IP 172.16.129.18 > 208.67.220.220: ICMP 172.16.129.18 udp port 29490 unreachable, length 36 > > Dump on external WAN interface at the same moment: > > # tcpdump -npi hn0 \(udp and port 53\) or icmp > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on hn0, link-type EN10MB (Ethernet), capture size 262144 bytes > 11:43:25.741672 IP 213.208.xx.yy.55677 > 208.67.220.220.53: 1319+ A? ya.ru. (23) > 11:43:25.795961 IP 208.67.220.220.53 > 213.208.xx.yy.55677: 1319 3/0/0 A 93.158.134.3, A 213.180.193.3, A 213.180.204.3 (71) > 11:43:25.796700 IP 172.16.129.18 > 208.67.220.220: ICMP 213.208.xx.yy udp port 55677 unreachable, length 36 > > So I've created bugreport: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201519 > > 07.07.2015 15:33, Kristof Provost пишет: >> On 2015-07-07 15:04:31 (+0300), technical account <technical@at-hacker.in> wrote: >>> I have an issue with pf in FreeBSD 9.3. Looks there is something wrong >>> with pf's NAT while processing ICMP packets of type 3 (destination >>> unreachable). >>> >> Can you check if this also happens on CURRENT? >> >> If so, please create a bug on bugs.freebsd.org/bugzilla and cc me >> (kp@FreeBSD.org). >> You've already gathered the information required for a good bug report. >> >> I'll try to take a look at it when I find some time. >> >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B838004D-739D-432B-AF57-B3BECF2E189B>