https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193568
Alan Somers <asom...@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |asom...@freebsd.org
             Status|New                         |Open

--- Comment #2 from Alan Somers <asom...@freebsd.org> ---
This is NOT a duplicate of 179392. It has nothing to do with checksums. In fact, it technically isn't a bug at all. The problem is that you're asking PF to do something that's illegal in IPv6.

IPv6 addresses have the concept of "scopes". A scope is the domain in which a particular address is valid. Localhost (::1) has local scope, link-local addresses (fe80:*) have link-local scope, site-local addresses (fec0:*) have site-local scope, and global addresses (everything else) have global scope. Since ::1 only has local scope, it's only valid for traffic that originates and ends on the local machine. For that reason, it is specifically forbidden to assign ::1 to a real network interface.

Your PF rule redirects a packet to ::1, but doesn't change the receiving interface. Thus, it violates scoping rules. You can tell by running 'netstat -s -f inet6 | grep "violated scope"' before and after generating the traffic that you want to redirect. The check is in in6_setscope().

The simple workaround is to change your rdr rule to redirect to your actual link-local, site-local, or global IPv6 address instead of ::1.
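
The before-and-after counter check described in the comment above, as an added shell example that is not part of the original bug report or of FreeBSD. The function names and the sample lines are constructed for illustration, and the parser assumes the counter line starts with the packet count, as in "<count> packets that violated scope rules".

```shell
#!/bin/sh
# Added example: compare the IPv6 "violated scope" counter before and
# after generating the traffic that the rdr rule should redirect.

# Read `netstat -s -f inet6` output on stdin and print the counter
# from the first "violated scope" line (0 if no such line exists).
badscope_count() {
    awk '/violated scope/ && !found { n = $1; found = 1 }
         END { print (found ? n : 0) }'
}

# Compare two snapshots of the counter and print a verdict.
badscope_verdict() {
    before=$1
    after=$2
    delta=$((after - before))
    if [ "$delta" -gt 0 ]; then
        echo "counter rose by $delta: traffic is violating IPv6 scope rules"
    else
        echo "counter unchanged: no scope violations observed"
    fi
}

# Live check: snapshot, wait for the test traffic, snapshot again.
check_live() {
    before=$(netstat -s -f inet6 | badscope_count)
    printf 'Generate the traffic to be redirected, then press Enter: '
    read -r _
    after=$(netstat -s -f inet6 | badscope_count)
    badscope_verdict "$before" "$after"
}

# Constructed sample lines (not captured from a real host).
SAMPLE_BEFORE='	12 packets that violated scope rules'
SAMPLE_AFTER='	15 packets that violated scope rules'

# Run the live check only when asked: sh badscope.sh live
if [ "${1:-}" = "live" ]; then
    check_live
fi
```

A rising counter while the rdr rule targets ::1, and a flat counter after switching the rule to the machine's actual address, matches the behaviour the comment describes.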