From owner-freebsd-pf@freebsd.org Sun Sep 6 03:21:57 2015
Subject: Re: Near-term pf plans
From: Kristof Provost
Date: Sat, 5 Sep 2015 23:21:51 -0400
Cc: Markus Gebert, freebsd-pf@freebsd.org
References: <20150823150957.GK48727@vega.codepro.be> <3121D8E4-A27E-475B-9771-C09347D1D793@hostpoint.ch> <1DDBFAD5-9AFB-4A21-8D16-BD85AB30F448@FreeBSD.org>
To: Niels
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

> On 05 Sep 2015, at 23:17, Niels wrote:
>
>
>> On 24 Aug 2015, at 18:16, Kristof Provost wrote:
>>
>>>> - PR 202351
>>>> This is a panic after ip6 reassembly in pf. We set the rcvif to NULL
>>>> when refragmenting. That seems to go OK except when we're refragmenting
>>>> broadcast/multicast packets in the forwarding path. It's not at all
>>>> clear to me how that could happen.
>>>
>>> if_bridge wants to forward ipv6 multicasts. pf refragmentation code tries to send out the resulting packets using ip6_forward() which does not handle multicasts, drops the packet and tries to log that fact, which causes the panic.
>>>
>>> I’ve updated the PR with some more thoughts about this.
>>>
>> Yes, I saw that pass by earlier. Thanks for that, I think you did a great analysis.
>>
>> Unfortunately there are other issues with pf on bridges. (See PR 185633 for example)
>> I wouldn’t expect the fragmentation and reassembly to work at all in that scenario.
>>
>> I’ll see what I can do about at least fixing the panic in the short term.
>> Even if the reassembly/refragmentation doesn’t work (on bridges) we should at least not panic.
>>
>> Regards,
>> Kristof
>
> Is this just the very same issue I see after upgrading to i386 releng/10.2 on my pf/bridge/ip6 router?
>
> It has a bunch of interfaces bridged on the lan, and an mpd/ng interface with IP6 default route over it. Right after booting it crashes with

Yes. There’s a fix on current as of r287376.

Regards,
Kristof