Date: Tue, 21 Mar 2017 13:18:47 +0900
From: "Kristof Provost" <kristof@sigsegv.be>
To: "Ermal Luçi" <ermal.luci@gmail.com>
Cc: bugzilla-noreply@freebsd.org, freebsd-net <freebsd-net@freebsd.org>
Subject: Re: [Bug 203735] Transparent interception of ipv6 with squid and pf causes panic
Message-ID: <E05D18FB-0631-4D6D-9408-DD90DE892D3B@sigsegv.be>
In-Reply-To: <CAPBZQG0uLNwKfdZF12zUh0wOqUmUR086T_t=-U1=PEwLdHvmpg@mail.gmail.com>
References: <bug-203735-2472@https.bugs.freebsd.org/bugzilla/> <bug-203735-2472-QLl8ivsAu1@https.bugs.freebsd.org/bugzilla/> <CAPBZQG0uLNwKfdZF12zUh0wOqUmUR086T_t=-U1=PEwLdHvmpg@mail.gmail.com>

On 21 Mar 2017, at 11:24, Ermal Luçi wrote:
> On Sun, Mar 19, 2017 at 9:41 PM, <bugzilla-noreply@freebsd.org> wrote:
>> + m->m_flags |= M_SKIP_FIREWALL | M_FASTFWD_OURS;
>>
>
> I am not sure this is really what is happening here.
> Can you provide more data from your analysis?
>

In ip6_input(), immediately after the pfil hook there’s a check for M_FASTFWD_OURS. If that flag is set we jump to hbhcheck, which skips all of the scope validation.

In the given test case (rdr log on vtnet0 inet6 proto tcp from any to any port 80 -> ::1 port 8000 for example), I also see, in the output of `netstat -s -6` ‘X packets that violated scope rules’ increment.

That still doesn’t work, but now I do see ip6_output() being called, and the packet being discarded due to scope issues there (through simple printf()s in the function).

Regards,
Kristof

From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 217637] One TCP connection accepted TWO times
Date: Tue, 21 Mar 2017 07:34:24 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217637

--- Comment #75 from Michael Tuexen <tuexen@freebsd.org> ---
(In reply to Mike Karels from comment #74)
I agree completely with Mike.
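
Review bot: The quoted line `+ m->m_flags |= M_SKIP_FIREWALL | M_FASTFWD_OURS;` from the bug 203735 patch sets M_FASTFWD_OURS without documenting its side effect. According to the reply, that flag makes ip6_input() jump to hbhcheck right after the pfil hook, so the redirected packet bypasses all scope validation. A comment at this assignment should state that the bypass is intended and why it is acceptable for the rdr-to-::1 case. Because the reply also reports the packet later being discarded in ip6_output() for scope reasons, the flag on its own does not complete the fix, and the scope handling on the output path needs to be addressed in the same change.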