Date: Tue, 09 Dec 2025 19:47:11 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 291527] pf: NAT64 af-to generates garbage ICMP error packet when TTL exceeded Message-ID: <bug-291527-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291527 Bug ID: 291527 Summary: pf: NAT64 af-to generates garbage ICMP error packet when TTL exceeded Product: Base System Version: 16.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: ivy@FreeBSD.org tested on main from today (701e4b36b4510c8cf26155ec3ab5aca9b7ba9406), amd64, in a jail. when using "af-to inet" (NAT64) in pf, and the router originates a TTL exceeded error (e.g., in the first hop of traceroute that reaches the NAT64 router), the generated packet is garbage. the traceroute packet which causes the error to be originated: 19:44:11.315080 IP6 (hlim 1, next-header ICMPv6 (58) payload length: 20) fd00:0:0:1::c > 64:ff9b::101:101: [icmp6 sum ok] ICMP6, echo request, id 6279, seq 1 the packet generated by the router: 19:44:11.315144 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 48) fe80::2 > 101:0:a00:1:101:101:800:df77: [icmp6 sum ok] ICMP6, unknown icmp6 type (11), length 48 0x0000: 0b00 5509 0000 0000 4500 0028 5a61 0000 0x0010: 0101 0000 0a00 0001 0101 0101 0800 df77 0x0020: 1887 0001 0000 0000 0000 0000 0000 0000 pf.conf: ----o<---- pass in pass out pass in on nat64b inet6 from any to 64:ff9b::/96 af-to inet from 10.0.0.1/32 ----o<---- rc.conf: ----o<---- ifconfig_nat64b="inet 10.0.0.1/32" ifconfig_nat64b_ipv6="inet6 fe80::2/64" ipv6_defaultrouter="fe80::1%nat64b" defaultrouter="-inet6 $ipv6_defaultrouter" pf_enable=YES ----o<---- -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-291527-227>