https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207055
Bug ID: 207055
Summary: ipv6 pmtu discovery not working with pf active
Product: Base System
Version: 10.2-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: h...@hellmuth-michaelis.de
CC: freebsd-am...@freebsd.org

IPv6 path MTU discovery is not working when pf is enabled and active. OS Version is 10.3 BETA1.

A very similar bug was reported in 115413, and I see that the patch mentioned there is applied, but v6 pmtu is still not working.

There was already a mail sent to freebsd-net some time ago with a detailed description of what is happening and the things I tried; it can be found at https://lists.freebsd.org/pipermail/freebsd-net/2014-May/038590.html

The problem is that the machine in question sends out an (obviously) too large packet. The router (which is also a FreeBSD machine being the gateway to sixxs) detects this and sends an ICMP Packet Too Big back. In case pf is disabled, all is fine and you can see the updated MTU in net.inet.tcp.hostcache.list. As soon as you enable pf, this does not take place anymore: the router sends the ICMP too big messages 4 or 5 times, the connection hangs, and no update to net.inet.tcp.hostcache.list takes place.

The first time I saw this, it was a 2014 FreeBSD 10; now I have upgraded the machine to 10.3 BETA1 and the effect is still the same.

I made a patch to /usr/src/sys/netpfil/pf/pf.c with a short circuit and some printfs, and then pmtu functions again with pf enabled (you see it in net.inet.tcp.hostcache.list) - I think this is not a fix but at least a workaround:

*** pf.c-DIST Thu Jan 14 12:06:14 2016 --- pf.c Mon Feb 8 16:23:41 2016 *************** *** 4759,4766 **** pf_print_state(*state); printf(" seq=%u\n", seq); } ! REASON_SET(reason, PFRES_BADSTATE); ! 
return (PF_DROP); } else { if (V_pf_status.debug >= PF_DEBUG_MISC) { printf("pf: OK ICMP %d:%d ", --- 4759,4780 ---- pf_print_state(*state); printf(" seq=%u\n", seq); } ! if(icmptype != ICMP6_PACKET_TOO_BIG) ! { ! REASON_SET(reason, PFRES_BADSTATE); ! return (PF_DROP); ! } ! else ! { ! printf("pf: suspicious ICMP %d:%d ", ! icmptype, pd->hdr.icmp->icmp_code); ! pf_print_host(pd->src, 0, pd->af); ! printf(" -> "); ! pf_print_host(pd->dst, 0, pd->af); ! printf(" state: "); ! pf_print_state(*state); ! printf(" seq=%u\n", seq); ! } } else { if (V_pf_status.debug >= PF_DEBUG_MISC) { printf("pf: OK ICMP %d:%d ",
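Review bot: The new else branch for ICMP6_PACKET_TOO_BIG skips the PFRES_BADSTATE drop after the state check that prints the "seq=%u" diagnostic has already failed, so a Packet Too Big that does not match the tracked connection is passed up and can change the MTU recorded in net.inet.tcp.hostcache.list. Rather than exempting the type from the drop, it would be better to find out why the legitimate router reply fails the check and correct that comparison, keeping the drop for everything that still fails. If the exemption stays as a temporary workaround, the test `icmptype != ICMP6_PACKET_TOO_BIG` should also require `pd->af == AF_INET6`, since nothing in the visible lines restricts this path to IPv6. The added printf and pf_print_host calls run unconditionally for every such packet, unlike the neighbouring block guarded by `if (V_pf_status.debug >= PF_DEBUG_MISC)`, so they should sit behind the same debug check to avoid flooding the console. Style: `if(` and the braces on their own lines do not match the surrounding `if (...) {` layout.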