[Bug 272770] "divert-to" rule creates packet loops on all FreeBSD 11.0 to 14.0 CURRENT versions
Date: Fri, 28 Jul 2023 07:21:25 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272770
Bug ID: 272770
Summary: "divert-to" rule creates packet loops on all FreeBSD
11.0 to 14.0 CURRENT versions
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: burak.sn@outlook.com
Created attachment 243661
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=243661&action=edit
divert-to test code
Hi, the "divert-to" rule creates packet loops on all FreeBSD 11.0 to 14.0 CURRENT
versions.
Bug 260867 and a forum topic are talking about the same problem:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260867
https://forums.freebsd.org/threads/pf-divert-to-loop-problem.81508
I have reproduced the scenario on FreeBSD 11.0 to 14.0 CURRENT versions with
the PF divert rules given below and my code shown in the attachment:
LAN =igb1
pass in quick on igb1 proto udp from any to port { 53 } divert-to 127.0.0.1 port 3355
# I have found that rule -> (pass out quick on igb1 inet proto udp from any to
port 53 flags S/SA keep state divert-reply) from Google, but I got this error:
/etc/pf.conf:83: divert-reply has no meaning in FreeBSD pf(4)
pfctl: Syntax error in config file: pf rules not loaded
FreeBSD 14.0-CURRENT pf.conf(5) man page
divert-to <host> port <port>
Used to redirect packets to a local socket bound to host and port.
The packets will not be modified, so getsockname(2) on the socket
will return the original destination address of the packet.
divert-reply
Used to receive replies for sockets that are bound to addresses
which are not local to the machine. See setsockopt(2) for
information on how to bind these sockets.
There is the same problem with all versions. It seems to me no work has been done
to fix pf divert. Because of that I am currently using both IPFW and PF at the
same time; I use IPFW for DIVERT, but I am trying to move on to FreeBSD 14.0 to
work with only PF. But DIVERT is not working on FreeBSD 14.0-CURRENT pf either,
so I couldn't give up IPFW's DIVERT.
I have attached code in the attachment above, and I have tried all available
code on the internet.
I am looking forward to your help.
Thanks.