Date: Mon, 13 Dec 2004 23:37:06 GMT From: Arne Wörner <arne_woerner@yahoo.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/75036: pf / icmp 64 / operation wrongully not permitted? Message-ID: <200412132337.iBDNb69k046519@www.freebsd.org> Resent-Message-ID: <200412132340.iBDNeQY5070435@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 75036 >Category: kern >Synopsis: pf / icmp 64 / operation wrongully not permitted? >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Dec 13 23:40:26 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Arne Wörner >Release: R5.3 >Organization: >Environment: FreeBSD neo.riddick.homeunix.org. 5.3-RELEASE FreeBSD 5.3-RELEASE #9: Thu Dec 2 20:23:28 UTC 2004 aw@neo.riddick.homeunix.org.:/usr/src/sys/i386/compile/RIDDICK i386 >Description: I just tried to do ping -R localhost With pf enabled: The ping command says that the operation is not permitted. With pf disabled: The ping command works as expected. tcpdump (pflog) said, that rule 2 (pass out quick on lo0 all) matched for every sequence number once: neo# tcpdump -nr /var/log/pflog icmp and rulenum 2 23:23:34.017915 IP 127.0.0.1 > 127.0.0.1: icmp 64: echo request seq 9 >How-To-Repeat: pf rules: scrub in all fragment reassemble block drop in log all pass in quick on lo0 all pass out quick on lo0 all block drop in log on tun0 all block drop in log on tun0 from any to (tun0) pass out log-all on tun0 proto icmp from (tun0) to any keep state pass out log-all on tun0 proto tcp from (tun0) to any keep state pass out log-all on tun0 proto udp from (tun0) to any keep state ping said: neo# ping -R localhost PING localhost (127.0.0.1): 56 data bytes ping: sendto: Operation not permitted ping: sendto: Operation not permitted ^C --- localhost ping statistics --- 2 packets transmitted, 0 packets received, 100% packet loss neo# ping localhost PING localhost (127.0.0.1): 56 data bytes 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.116 ms ^C --- localhost ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.116/0.116/0.116/0.000 ms >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200412132337.iBDNb69k046519>