IPv6 MLD packets blocked
Bernhard Schmidt
berni at birkenwald.de
Sat Dec 4 12:24:46 PST 2004
Hi,
> > http://www.birkenwald.de/~berni/tmp/mld.dump
>
> The decoded packet looks sane:
[...]
> This should not be dropped, at least I can't spot where it would be.
>
> Can you make sure that you don't get _anything_ in /var/log/message with
> pfctl -xm when such a packet is dropped?
Nothing, I kept it running that way and the only kernel messages I got
so far are
Dec 4 20:16:51 heimdall kernel: pf_map_addr: selected address 62.245.160.121
with my regular ruleset which is probably NATing or something like that.
> If you compare pfctl -si counter before and after a drop, do any of
> them increase?
I'll have to offload some traffic from the box; unfortunately it has the
PPP connection (to my provider) and no display. I could disconnect PPP,
but I would still have ssh (probably counting).
I can say though that the following counters
bad-offset 0 0.0/s
fragment 4 0.0/s
short 158 0.0/s
normalize 0 0.0/s
memory 8 0.0/s
do not increase when a report is dropped. I am quite sure that the
match counter doesn't increase either (I ran the command before and after
I sent a packet; if the update of the counter is sufficiently fast it is
not in there) and that there is no state for this packet.
BTW, I've opened a PR for that, misc/74683
Bernhard