From: Andrew White
Date: Sat, 17 Aug 2019 22:25:44 +0100
Subject: pf (rules and nat) + (ipfw + dummynet)
To: freebsd-net@freebsd.org

Hi,

Using 11.3, I've been trying to configure pf with dummynet. Having ipfw reply traffic sent into a dummynet pipe causes pf to reject the traffic.

Searching around and looking at ip_input.c, it looks like dummynet reinjects the packet back into input and this is what causes the problem; I'm guessing the checksum changes.

Is this a known behaviour, and are there functioning patches? I see projects like OPNsense and pfSense have patches for ip_input.c to skip some of the code if it's a reinjected packet from dummynet.

I also see some work underway to separate dummynet from ipfw. Are there any docs for the goals or timelines? Will this allow dummynet anchors and use of dnctl to use pf with dummynet like in macOS?

Kind regards,
Andy