Date:      Mon, 13 Jul 2015 11:15:51 +0200
From:      Kristof Provost <kp@FreeBSD.org>
To:        Alexey Pereklad <technical@at-hacker.in>
Cc:        freebsd-net@freebsd.org
Subject:   Re: FreeBSD 9.3: Looks like a bug in pf NAT while translating ICMP packets of type 3
Message-ID:  <B838004D-739D-432B-AF57-B3BECF2E189B@FreeBSD.org>
In-Reply-To: <55A380CF.2030503@at-hacker.in>
References:  <559BC04F.70107@at-hacker.in> <20150707123320.GF3135@vega.codepro.be> <55A380CF.2030503@at-hacker.in>

Thanks. I’ve added it to my todo list. (No promises about when I’ll have time though.)

Regards,
Kristof

> On 13 Jul 2015, at 11:11, Alexey Pereklad <technical@at-hacker.in> wrote:
>
> Hi.
>
> I checked if I can reproduce this issue with -CURRENT. Well, -CURRENT has the same problem. Here is my test lab:
>
> # uname -a
> FreeBSD test-BSD-01.hyperv.local 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r285351: Fri Jul 10 14:49:08 MSK 2015 root@test-BSD-01.hyperv.local:/usr/obj/usr/src/sys/GENERIC  amd64
>
> Here is dump on LAN interface:
>
> # tcpdump -npi hn1 host 172.16.129.18
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on hn1, link-type EN10MB (Ethernet), capture size 262144 bytes
> 11:43:25.506775 IP 172.16.129.18.29490 > 208.67.220.220.53: 9125+ A? freebsd.org. (29)
> 11:43:25.570851 IP 208.67.220.220.53 > 172.16.129.18.29490: 9125 1/0/0 A 8.8.178.110 (45)
> 11:43:25.571635 IP 172.16.129.18 > 208.67.220.220: ICMP 172.16.129.18 udp port 29490 unreachable, length 36
>
> Dump on external WAN interface at the same moment:
>
> # tcpdump -npi hn0 \(udp and port 53\) or icmp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on hn0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 11:43:25.741672 IP 213.208.xx.yy.55677 > 208.67.220.220.53: 1319+ A? ya.ru. (23)
> 11:43:25.795961 IP 208.67.220.220.53 > 213.208.xx.yy.55677: 1319 3/0/0 A 93.158.134.3, A 213.180.193.3, A 213.180.204.3 (71)
> 11:43:25.796700 IP 172.16.129.18 > 208.67.220.220: ICMP 213.208.xx.yy udp port 55677 unreachable, length 36
>
> So I've created a bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201519
>
> 07.07.2015 15:33, Kristof Provost wrote:
>> On 2015-07-07 15:04:31 (+0300), technical account <technical@at-hacker.in> wrote:
>>> I have an issue with pf in FreeBSD 9.3. Looks there is something wrong
>>> with pf's NAT while processing ICMP packets of type 3 (destination
>>> unreachable).
>>>
>> Can you check if this also happens on CURRENT?
>>
>> If so, please create a bug on bugs.freebsd.org/bugzilla and cc me
>> (kp@FreeBSD.org).
>> You've already gathered the information required for a good bug report.
>>
>> I'll try to take a look at it when I find some time.
>>
>
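
An added example (not code from either poster or from FreeBSD): a Python check that scans `tcpdump -n` text taken on a WAN interface for ICMP port-unreachable packets whose outer source is still an RFC 1918 address, as in the hn0 capture quoted above. The function name, the regular expression and the last sample line (203.0.113.7, a documentation address) are assumptions made for this example; the other sample lines are the hn0 lines from the message with their wrapped halves rejoined.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Shape of a `tcpdump -n` line for an ICMP port unreachable:
#   <time> IP <outer src> > <outer dst>: ICMP <embedded addr> udp port <n> unreachable
ICMP_UNREACH = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\S+): "
    r"ICMP (?P<inner>\S+) udp port (?P<port>\d+) unreachable")

def untranslated_icmp(wan_lines):
    """Flag ICMP unreachables on a WAN capture whose outer source is RFC 1918."""
    findings = []
    for line in wan_lines:
        m = ICMP_UNREACH.match(line)
        if not m:
            continue  # not an ICMP port-unreachable line
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # octet out of range, not a real address
        if any(src in net for net in RFC1918):
            findings.append({
                "time": m["ts"],
                "outer_src": m["src"],
                "embedded": m["inner"],  # kept as text: may be redacted
                # True when outer header and quoted datagram show different addresses
                "mismatch": m["src"] != m["inner"],
            })
    return findings

WAN_CAPTURE = [
    "11:43:25.741672 IP 213.208.xx.yy.55677 > 208.67.220.220.53: 1319+ A? ya.ru. (23)",
    "11:43:25.795961 IP 208.67.220.220.53 > 213.208.xx.yy.55677: 1319 3/0/0 "
    "A 93.158.134.3, A 213.180.193.3, A 213.180.204.3 (71)",
    "11:43:25.796700 IP 172.16.129.18 > 208.67.220.220: ICMP 213.208.xx.yy "
    "udp port 55677 unreachable, length 36",
    # Constructed line: an ICMP unreachable whose outer source is a public address.
    "11:43:26.000000 IP 203.0.113.7 > 208.67.220.220: ICMP 203.0.113.7 "
    "udp port 55677 unreachable, length 36",
]

if __name__ == "__main__":
    for f in untranslated_icmp(WAN_CAPTURE):
        print(f"{f['time']} private source {f['outer_src']} on WAN "
              f"(embedded {f['embedded']}, mismatch={f['mismatch']})")
```

The RFC 1918 ranges are listed explicitly because Python's `is_private` also returns true for documentation ranges such as 203.0.113.0/24.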



