From owner-freebsd-pf@FreeBSD.ORG Sun Sep 28 04:17:19 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 16EEB7DE for ; Sun, 28 Sep 2014 04:17:19 +0000 (UTC) Received: from mail-ig0-x234.google.com (mail-ig0-x234.google.com [IPv6:2607:f8b0:4001:c05::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DA0A7CC2 for ; Sun, 28 Sep 2014 04:17:18 +0000 (UTC) Received: by mail-ig0-f180.google.com with SMTP id a13so1622514igq.1 for ; Sat, 27 Sep 2014 21:17:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=BEOkGDgxBxVM2BBbLTBvVNQASoEM43bqh5QIWdI8RKs=; b=L6+RZfAu9JwB1vmUNAC1jzqKy7oPqj6QZ5jWmxHCcqHdNQHYLPpEXkDN/UodCbBJyr 7gsy/ti6oBvgOCxVj0VLFKGhnTbSRNEtEJxaZ/cytKDhAsStXfWb27brxYlOOZXTV9Np CXLHgBdlvKa1RUCSEj/HrZiag8ZDIrAVnk2PT/EKY0gA3BRULhRe5M355OC0+m59Ggmv 04I56I9lZsehIm+pL09FW9BuZAw7tVWekKYlNdW6bCotiI6yJq04cHciY/H1+3Xyfqx/ DmNtJ0PliF4ALJFGIM4XTDcnm33gVVccA+qmp5S3/UCINkTzVevRQWohyS0JkCRw3eKE xhbw== MIME-Version: 1.0 X-Received: by 10.51.17.2 with SMTP id ga2mr32952977igd.2.1411877838217; Sat, 27 Sep 2014 21:17:18 -0700 (PDT) Received: by 10.42.185.82 with HTTP; Sat, 27 Sep 2014 21:17:18 -0700 (PDT) Date: Sun, 28 Sep 2014 00:17:18 -0400 Message-ID: Subject: pf IPv6 NAT using link local addresses From: Russell Yount To: freebsd-pf@freebsd.org Content-Type: multipart/mixed; boundary=001a113491e40382fe0504186da1 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: Russell Yount X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Sep 2014 04:17:19 -0000 --001a113491e40382fe0504186da1 Content-Type: text/plain; charset=UTF-8 Specify IPv6 NAT with FreeBSD 9.3 in pf.conf as nat on $external inet6 from $local6 to any -> ($external) results in pf attempting to load balance between the routable IPv6 addresses and the link-local IPv6 address as the translation addresses. Specify IPv6 NAT with FreeBSD 9.3 in pf.conf as nat on $external inet6 from $local6 to any -> ($external:0) results in pf using the link-local IPv6 address as address as the translation address. Both of these behaviors are wrong; pf does not understand scope of IPv6 link-local addresses as different from routable ipV6 addresses. The following patch permits the use of ($external::0) syntax to select the first routable IPv6 address rather than the link-local address so it can be used with IPv6 NAT correctly. It only handles the case of one routable IPV6 address and ($external) syntax still attempts to round-robin between routable IPv6 addresses and the link-local IPv6 address. Not sure if changing ($external) syntax to omit link-local addresses would cause other problems? -Russ --- usr/src/sys/contrib//pf/net/pf_if.c-orig 2014-07-10 17:59:41.000000000 -0400 +++ usr/src/sys/contrib//pf/net/pf_if.c 2014-08-24 18:13:57.000000000 -0400 @@ -690,6 +690,10 @@ IN6_IS_ADDR_LINKLOCAL( &((struct sockaddr_in6 *)ia->ifa_addr)->sin6_addr)) continue; + if ((flags & PFI_AFLAG_NOALIAS) && af == AF_INET6 && + IN6_IS_ADDR_LINKLOCAL( + &((struct sockaddr_in6 *)ia->ifa_addr)->sin6_addr)) + continue; if (flags & PFI_AFLAG_NOALIAS) { if (af == AF_INET && got4) continue; --001a113491e40382fe0504186da1 Content-Type: application/octet-stream; name="freebsd-9.3-pf-ipv6-nat.patch" Content-Disposition: attachment; filename="freebsd-9.3-pf-ipv6-nat.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_i0lue1010 LS0tIHVzci9zcmMvc3lzL2NvbnRyaWIvL3BmL25ldC9wZl9pZi5jLW9yaWcJMjAxNC0wNy0xMCAx Nzo1OTo0MS4wMDAwMDAwMDAgLTA0MDAKKysrIHVzci9zcmMvc3lzL2NvbnRyaWIvL3BmL25ldC9w Zl9pZi5jCTIwMTQtMDgtMjQgMTg6MTM6NTcuMDAwMDAwMDAwIC0wNDAwCkBAIC02OTAsNiArNjkw LDEwIEBACiAJCSAgICBJTjZfSVNfQUREUl9MSU5LTE9DQUwoCiAJCSAgICAmKChzdHJ1Y3Qgc29j a2FkZHJfaW42ICopaWEtPmlmYV9hZGRyKS0+c2luNl9hZGRyKSkKIAkJCWNvbnRpbnVlOworCQlp ZiAoKGZsYWdzICYgUEZJX0FGTEFHX05PQUxJQVMpICYmIGFmID09IEFGX0lORVQ2ICYmCisJCSAg ICBJTjZfSVNfQUREUl9MSU5LTE9DQUwoCisJCSAgICAmKChzdHJ1Y3Qgc29ja2FkZHJfaW42ICop aWEtPmlmYV9hZGRyKS0+c2luNl9hZGRyKSkKKwkJCWNvbnRpbnVlOwogCQlpZiAoZmxhZ3MgJiBQ RklfQUZMQUdfTk9BTElBUykgewogCQkJaWYgKGFmID09IEFGX0lORVQgJiYgZ290NCkKIAkJCQlj b250aW51ZTsK --001a113491e40382fe0504186da1-- From owner-freebsd-pf@FreeBSD.ORG Mon Sep 29 18:21:24 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 938FAE7B; Mon, 29 Sep 2014 18:21:24 +0000 (UTC) Received: from mail-la0-x22b.google.com (mail-la0-x22b.google.com [IPv6:2a00:1450:4010:c03::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E4099BF; Mon, 29 Sep 2014 18:21:23 +0000 (UTC) Received: by mail-la0-f43.google.com with SMTP id gb8so9167094lab.30 for ; Mon, 29 Sep 2014 11:21:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=Yjx1yn6MydME2mxs/qMVRuP6upr3R6TJYVDodSmrsOU=; b=HUPO5UCUXHzNUlme7AjM5pQ+1Hg2HJ6LQUAGD26yB3GXhKdfJAQydCqR+zlx+xM+HZ WEgXQXmGCV/fKNL15mSp+y6x2inN4VQHSORzlECac5BZ69ZuiGUBaazrq+BOJ/1SqlVj 5xFw3+fJn/2ulUQPL0FIJZMku+VuQvx7m1Qga5kS2k4d7aEA1S0FTSZXJCXaU+maCkcU xKkXIf636GPmO+x5LnT3TQ0EusWY4SEm1Y7OPN7/sKDfP6zW4J9CvW/b8PXuaRgzVp0h UmfaOygBLpkvO2tqqMh8DwlXEEs2N1u6ia1M0Bnm6Huh875b2nmOqFSlPajOzoHFQW5B jXSw== MIME-Version: 1.0 X-Received: by 10.112.55.7 with SMTP id n7mr39352621lbp.16.1412014881739; Mon, 29 Sep 2014 11:21:21 -0700 (PDT) Sender: ermal.luci@gmail.com Received: by 10.25.43.2 with HTTP; Mon, 29 Sep 2014 11:21:21 -0700 (PDT) In-Reply-To: <542997C3.5090004@netfence.it> References: <542997C3.5090004@netfence.it> Date: Mon, 29 Sep 2014 20:21:21 +0200 X-Google-Sender-Auth: FAnmGr4HNbaZku0os09YqLT0e8Y Message-ID: Subject: Re: pf stuck From: =?UTF-8?Q?Ermal_Lu=C3=A7i?= To: Andrea Venturoli , "freebsd-pf@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: freebsd-net X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Sep 2014 18:21:24 -0000 Probably is better you ask this on freebsd-pf@. Though this sounds like state limit reached. On Mon, Sep 29, 2014 at 7:32 PM, Andrea Venturoli wrote: > Hello. > > Today a box of mine (8.4p16/amd64) stopped working as a router; I don't > have a clear picture, but the internal nets were working perfectly, while > the external interfaces lagged, dropped connections or stopped packets from > passing. > > The box is running pf (for handling multiple Internet lines) + ipfw (for > firewalling). > I tried a simple telnet xxx:80 and this is what I observed: > _ tcpdump would see packets going out and replies coming in; > _ an early ipfw allow rule with setup keep-state would see no packet going > out and would not create any dinamic rule. > > This lead me to look into pf... > "/etc/rc.d/pf restart" did not solve. > "/etc/rc.d/pf stop ; /etc/rc.d/pf start" did! > > > > These are my pf rules: > >> pass out quick inet from 192.168.x.0/24 to 192.168.y.0/24 no state >> pass out quick inet from 192.168.x.0/24 to 192.168.z.0/24 no state >> pass out log quick route-to (vlan3 192.168.x.x) inet from 192.168.x.0/24 >> to ! 192.168.x.0/24 no state >> pass out quick inet from a.b.c.d/29 to 192.168.y.0/24 no state >> pass out quick inet from a.b.c.d/29 to 192.168.z.0/24 no state >> pass out log quick route-to (vlan1 a.b.c.e) inet from a.b.c.d/29 to ! >> a.b.c.d/29 no state >> pass out quick inet from i.j.k.l/29 to 192.168.z.0/24 no state >> pass out quick inet from i.j.k.l/29 to 192.168.z.0/24 no state >> pass out log quick route-to (vlan2 i.j.k.m) inet from i.j.k.l/29 to ! >> i.j.k.l/29 no state >> > > These rules are working fine, but have hanged already twice in two weeks > (once on this box, once on an almost identical one). > > > > Is there any known problem wrt running pf? pf+ipfw? pf on 8.4? > Any hint on how to search for what's wrong? > > > > bye & Thanks > av. > > P.S. Please, forgive me, but I'm quite noob with pf. > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > -- Ermal From owner-freebsd-pf@FreeBSD.ORG Mon Sep 29 20:42:20 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9AC94573; Mon, 29 Sep 2014 20:42:20 +0000 (UTC) Received: from cp-out8.libero.it (cp-out8.libero.it [151.1.108.65]) by mx1.freebsd.org (Postfix) with ESMTP id 28024381; Mon, 29 Sep 2014 20:42:19 +0000 (UTC) X-CTCH-Spam: Unknown X-CTCH-RefID: str=0001.0A0C0204.5429C425.0028,ss=1,re=0.000,fgs=0 X-libjamoibt: 1555 Received: from soth.ventu (151.41.137.184) by cp-out8.libero.it (8.5.133) id 53075C36173CB621; Mon, 29 Sep 2014 22:42:13 +0200 Received: from alamar.ventu (alamar.ventu [10.1.2.18]) by soth.ventu (8.14.9/8.14.7) with ESMTP id s8TKgCZg041181; Mon, 29 Sep 2014 22:42:12 +0200 (CEST) (envelope-from ml@netfence.it) Message-ID: <5429C424.9060400@netfence.it> Date: Mon, 29 Sep 2014 22:42:12 +0200 From: Andrea Venturoli User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:31.0) Gecko/20100101 Thunderbird/31.1.2 MIME-Version: 1.0 To: =?UTF-8?B?RXJtYWwgTHXDp2k=?= , "freebsd-pf@freebsd.org" Subject: Re: pf stuck References: <542997C3.5090004@netfence.it> In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-net X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Sep 2014 20:42:20 -0000 On 09/29/14 20:21, Ermal Luçi wrote: > Probably is better you ask this on freebsd-pf@. Thanks, I see you have already cc:ed it. > Though this sounds like state limit reached. Can this happen even if all my pf rules have "no state"? bye & Thanks av. From owner-freebsd-pf@FreeBSD.ORG Tue Sep 30 10:21:07 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AA52CE65; Tue, 30 Sep 2014 10:21:07 +0000 (UTC) Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1BBDAEA; Tue, 30 Sep 2014 10:21:06 +0000 (UTC) Received: by mail-wi0-f181.google.com with SMTP id n3so4019267wiv.8 for ; Tue, 30 Sep 2014 03:21:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=hFARJahobUKFOgLnhR4/76ypxolUjHInGg9lPhO3vLk=; b=jl/ZG3vMgehxYZNb/1guYGxaWIakxoYgLNhgQk0n3P8Ohk2ViBmBqa/Cc3zZhOx3O2 mrkpICwemUDUMvtJ7+xFQb3krUfj5j0cJjssYYBWkmPOUPf/reyB62vogRL0/df58R/W 0a+vgdodBfW5YnfFyHgHWkciyPj7uZnpoH+ukLBAp0OYqYxor5vur2TjddnBZtrBQDeO mNN2LnI8SkwIQHV1jvWaholeXp7r4F/s1ZTtrXXZDLltFWw949y4657Xo7HToKp+DcD1 EamN94tPvkzuy3M/NrOYHi46FhmpYyJt/4D1xIOI/f1XwXGjByIBWg6O9j/QkWndCv6M RrmQ== X-Received: by 10.194.184.111 with SMTP id et15mr32369453wjc.14.1412072465393; Tue, 30 Sep 2014 03:21:05 -0700 (PDT) Received: from [192.168.2.30] ([2.176.158.152]) by mx.google.com with ESMTPSA id a2sm9180871wic.19.2014.09.30.03.21.03 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 30 Sep 2014 03:21:04 -0700 (PDT) Message-ID: <542A8411.1060608@gmail.com> Date: Tue, 30 Sep 2014 13:51:05 +0330 From: Hooman Fazaeli User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130215 Thunderbird/17.0.3 MIME-Version: 1.0 To: Andrea Venturoli Subject: Re: pf stuck References: <542997C3.5090004@netfence.it> <5429C424.9060400@netfence.it> In-Reply-To: <5429C424.9060400@netfence.it> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-net , "freebsd-pf@freebsd.org" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Sep 2014 10:21:07 -0000 On 9/30/2014 12:12 AM, Andrea Venturoli wrote: > On 09/29/14 20:21, Ermal Luçi wrote: >> Probably is better you ask this on freebsd-pf@. > > Thanks, I see you have already cc:ed it. > > > >> Though this sounds like state limit reached. > > Can this happen even if all my pf rules have "no state"? No. Anyway, you can check state statistics with: pfctl -s i ; pfctl -s m -- Best regards. Hooman Fazaeli From owner-freebsd-pf@FreeBSD.ORG Wed Oct 1 10:46:01 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4C6EABC8 for ; Wed, 1 Oct 2014 10:46:01 +0000 (UTC) Received: from mail-wg0-x22f.google.com (mail-wg0-x22f.google.com [IPv6:2a00:1450:400c:c00::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DE26FE7C for ; Wed, 1 Oct 2014 10:46:00 +0000 (UTC) Received: by mail-wg0-f47.google.com with SMTP id x13so70621wgg.30 for ; Wed, 01 Oct 2014 03:45:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=Lx+8ybchrOK2uebf9izXj/CGzbQGUtBoJdU+rYCCTfo=; b=ygfB1ruaC2JLeDt7umWLcDecMbtM4nFKkKiJU/SqhDmj5/FvrK78I6Rywn0PlNiloW KmG1lg8nJJq4c6ZCYS/uCRjTus1DDJXVCEF8uJuklVPVdXA8nLumIh+w8U2JNNYj+7uD rANbSNhxF03WEFSOIGoywqmzZxc8MS/5P72/WUnv4LfFq1wVx61zBUzUHeDjsqAamdgh XWfaH8lDsyBe5k1Ji6CyfLIs2CB00qOPFGYjfsLIApxtI5gvi4MtOltq1vHdQqgPUnw9 gJms1CmwDe/yV+ZJYnLkxoULgsr/glTQzJiTMH3IVe/hL/qWXPoPJ51QzbaEqgphrsLy rHbA== X-Received: by 10.180.38.7 with SMTP id c7mr12868126wik.65.1412160359094; Wed, 01 Oct 2014 03:45:59 -0700 (PDT) MIME-Version: 1.0 Received: by 10.27.129.69 with HTTP; Wed, 1 Oct 2014 03:45:39 -0700 (PDT) From: sadegh solati Date: Wed, 1 Oct 2014 14:15:39 +0330 Message-ID: Subject: PF DIVERT LOOP To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Oct 2014 10:46:01 -0000 I have written a small program which does not do any specific job. It gets packets from divert socket and reinjects them back. A message is printed when a packet is received. The problem is that when i send only one packet a lot of "packet received" message will be printed. I use pf for diverting. My pf.conf contains just one line: "pass quick log(all) on em0 proto tcp from 192.168.11.92 to any port 80 keep state divert-to 127.0.0.1 port 8080" The following is my code : #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define DIVERT_PORT 8080 int main(int argc, char *argv[]) { int fd,s,m,i; struct sockaddr_in sin; socklen_t sin_len; char packet[1600]; struct ip *ip_hdr; struct tcpiphdr *tcpip_hdr; fd = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT); if (fd == -1) err(1, "socket"); bzero(&sin, sizeof(sin)); sin.sin_family = AF_INET; sin.sin_port = htons(DIVERT_PORT); sin.sin_addr.s_addr = inet_addr("127.0.0.1"); sin_len = sizeof(struct sockaddr_in); s = bind(fd, (struct sockaddr *) &sin, sin_len); if (s == -1) err(1, "bind"); for (;;) { bzero(packet, sizeof(packet)); m = recvfrom(fd, packet, sizeof(packet), 0, (struct sockaddr *) &sin, &sin_len); sendto(fd, packet, m, 0, (struct sockaddr *) &sin, sin_len); std::cout<<"Packet Recv \n"; } return 0; } Thank You All In Advance From owner-freebsd-pf@FreeBSD.ORG Wed Oct 1 20:31:09 2014 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EA9A5246 for ; Wed, 1 Oct 2014 20:31:09 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D2B79228 for ; Wed, 1 Oct 2014 20:31:09 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id s91KV9DZ006742 for ; Wed, 1 Oct 2014 20:31:09 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 179392] [pf] [ip6] Incorrect TCP checksums in rdr return packets Date: Wed, 01 Oct 2014 20:31:08 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 9.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: vava720@gmail.com X-Bugzilla-Status: In Discussion X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Oct 2014 20:31:10 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=179392 vava720@gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vava720@gmail.com --- Comment #6 from vava720@gmail.com --- Hi all, I also have this bug on FreeBSD 10.0. I have nothing to add, everything have been said in Paul's post and the above comments. -- You are receiving this mail because: You are the assignee for the bug.