Date: Thu, 23 Jul 2015 15:38:46 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 201590] Zerowindow packets escape stateful in-kernel NAT Message-ID: <bug-201590-2472-9Iov6ZuCD8@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-201590-2472@https.bugs.freebsd.org/bugzilla/> References: <bug-201590-2472@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #7 from g_amanakis@yahoo.com --- (In reply to smithi from comment #6) I think this has nothing to do with the local interface, simply because the keepalive packets are generated from the *gateway* through ipfw_dyn_send_ka(). Commenting out the function resolves the symptoms. The actual sending takes place in check_dyn_rules() through ip_output(). The keepalive seems to be generated from the gateway on the basis of the dynamic rule, and this is before the outgoing NAT takes place, i.e. with the IP of the LAN. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-201590-2472-9Iov6ZuCD8>