Date:      Thu, 27 Feb 2003 15:53:34 +0300 (MSK)
From:      "Alex L. Demidov" <alexd@vinf.ru>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        alexd@vinf.ru
Subject:   kern/48741: ipnat corrupts packets on gre interface with <rdr> rules
Message-ID:  <200302271253.h1RCrYU2006553@orlando.vinf.ru>

>Number:         48741
>Category:       kern
>Synopsis:       ipnat corrupts packets on gre interface with <rdr> rules
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 27 05:00:26 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Alex L. Demidov
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
Variant-Inform ISP
>Environment:
System: FreeBSD orlando.vinf.ru 4.7-STABLE FreeBSD 4.7-STABLE #13: Tue Jan 21 20:29:38 MSK 2003 root@orlando.vinf.ru:/.ftp/obj/.src/src/sys/ORLANDO i386


>Description:
When using ipnat <rdr> rules to redirect packets incoming on a gre
interface, ipnat replaces the destination ip:port pair (right) and
swaps the destination ip:port with the source ip:port (?!).

>How-To-Repeat:

initialize gre tunnel 
initialize ipnat
  $ echo 'rdr gre0 0.0.0.0/0 port 80 -> ${server} port 3128 tcp' > ipnat.rules
  $ ipnat -CF -f ipnat.rules
generate some traffic from host ${client} incoming to the gre interface with destination port = 80.
  $ tcpdump -v -i gre0 src host ${client} and dst port 80
and another instance of tcpdump
  $ tcpdump -v -i ${primary_interface} src host ${server} and src port 3128 and dst host ${client}

You will see something like I captured today:

gre0: 1:50:31.024708 ${client}.4867 > ${somehost}.http: S [tcp sum ok] 2382677246:2382677246(0) win 8760 <mss 1460,nop,nop,sackOK> (DF) (ttl 125, id 60400, len 48)

xl0: 01:50:31.024771 ${server}.3128 > ${client}.4867: S [tcp sum ok] 175447728:175447728(0) ack 2382677247 win 57344 <mss 1460> (DF) (ttl 64, id 6641, len 44, bad cksum 0!)

gre0: 01:50:33.989896 ${client}.4867 > ${somehost}.http: S [tcp sum ok] 2382677246:2382677246(0) win 8760 <mss 1460,nop,nop,sackOK> (DF) (ttl 125, id 60402, len 48)

xl0: 1:50:33.989953 ${server}.3128 > ${client}.4867: S [tcp sum ok] 175447728:175447728(0) ack 2382677247 win 57344 <mss 1460> (DF) (ttl 64, id 6661, len 44, bad cksum 0!)

>Fix:

	Don't know.

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
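
The following is an added example, not part of the original report: a small Python triage script that pairs each SYN seen on the tunnel with the SYN-ACK that acknowledges it, then records where the reply came from and whether tcpdump flagged its IP header checksum. The addresses are documentation placeholders standing in for ${client}, ${somehost} and ${server}, and the `iface:` line prefix is assumed to follow the labels used in the capture above.

```python
import re

# Constructed sample modeled on the capture in the report. Assumption: the
# ${client}, ${somehost} and ${server} placeholders are replaced with
# documentation addresses, and every line keeps its "iface:" label.
SAMPLE = """\
gre0: 01:50:31.024708 192.0.2.10.4867 > 198.51.100.20.http: S [tcp sum ok] 2382677246:2382677246(0) win 8760 <mss 1460,nop,nop,sackOK> (DF) (ttl 125, id 60400, len 48)
xl0: 01:50:31.024771 203.0.113.5.3128 > 192.0.2.10.4867: S [tcp sum ok] 175447728:175447728(0) ack 2382677247 win 57344 <mss 1460> (DF) (ttl 64, id 6641, len 44, bad cksum 0!)
gre0: 01:50:33.989896 192.0.2.10.4867 > 198.51.100.20.http: S [tcp sum ok] 2382677246:2382677246(0) win 8760 <mss 1460,nop,nop,sackOK> (DF) (ttl 125, id 60402, len 48)
xl0: 01:50:33.989953 203.0.113.5.3128 > 192.0.2.10.4867: S [tcp sum ok] 175447728:175447728(0) ack 2382677247 win 57344 <mss 1460> (DF) (ttl 64, id 6661, len 44, bad cksum 0!)
"""

LINE = re.compile(
    r"^(?P<iface>\S+):\s+(?P<ts>[\d:.]+)\s+"
    r"(?P<src>\S+)\.(?P<sport>[^.\s]+)\s+>\s+(?P<dst>\S+)\.(?P<dport>[^.\s:]+):"
    r"\s+(?P<flags>\S+)\s+.*?(?P<seq>\d+):\d+\(\d+\)"
    r"(?:\s+ack\s+(?P<ack>\d+))?"
)

def parse(text):
    """Yield one dict per recognised 'iface: <tcpdump -v TCP line>' entry."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            pkt = m.groupdict()
            pkt["seq"] = int(pkt["seq"])
            pkt["ack"] = int(pkt["ack"]) if pkt["ack"] else None
            pkt["bad_ip_cksum"] = "bad cksum" in raw  # tcpdump's IP header flag
            yield pkt

def correlate(text):
    """Pair each SYN with the SYN-ACK acknowledging it (ack == seq + 1)."""
    syns, findings = {}, []
    for p in parse(text):
        if "S" not in p["flags"]:
            continue
        if p["ack"] is None:  # bare SYN; a retransmit overwrites the same key
            syns[(p["src"], p["sport"], p["seq"])] = p
            continue
        syn = syns.get((p["dst"], p["dport"], (p["ack"] - 1) % 2**32))
        if syn:
            findings.append({
                "client": f'{syn["src"]}:{syn["sport"]}',
                "syn_iface": syn["iface"], "reply_iface": p["iface"],
                "original_dst": f'{syn["dst"]}:{syn["dport"]}',
                "reply_src": f'{p["src"]}:{p["sport"]}',
                "reply_src_differs": (p["src"], p["sport"]) != (syn["dst"], syn["dport"]),
                "reply_bad_ip_cksum": p["bad_ip_cksum"],
            })
    return findings
```

tcpdump can also print `bad cksum` for locally transmitted packets when the NIC fills in checksums after the capture point, so confirm the flag with a capture taken off the sending host.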