pf (rules and nat) + (ipfw + dummynet)

Andrew White andywhite at gmail.com
Sat Aug 17 21:25:58 UTC 2019


Hi

Using 11.3, I've been trying to configure pf with dummynet.  Having ipfw
reply traffic sent into a dummynet pipe causes pf to reject the traffic.

Searching around and looking at ip_input.c, it looks like dummynet reinjects
the packet back into input and this is what causes the problem; I'm
guessing the checksum changes.

Is this a known behaviour and are there functioning patches?  I see
projects like OPNsense and pfSense have patches for ip_input.c to skip some
of the code if it's a reinjected packet from dummynet.

I also see some work underway to separate dummynet from ipfw. Are there any
docs for the goals or timelines? Will this allow dummynet anchors and use
of dnctl to use pf with dummynet like in macOS?

Kind regards

Andy

