[Bug 260867] [pf][patch] divert-to packets infinitely loop when written back to divert socket

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 14 Jul 2023 11:34:41 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260867

Alfa <burak.sn@outlook.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |net@FreeBSD.org

--- Comment #3 from Alfa <burak.sn@outlook.com> ---
(In reply to Alfa from comment #2)

Hi, I have the same infinite loop problem. I have tried the PF divert rules given
below on FreeBSD versions from 11.0 to 14.0-CURRENT. There is the same problem
with all versions. It seems to me no work has been done to fix pf divert. By the
way, I am currently using both IPFW and PF at the same time; I use IPFW for
DIVERT, but I am trying to move to FreeBSD 14.0 to work with only PF. But this
DIVERT is not working on FreeBSD 14.0-CURRENT pf, so I couldn't give up IPFW's
DIVERT.
I have attached code above in the attachment and I have tried all the available
code on the internet.

LAN =igb1

pass in quick on igb1 proto udp from any to port { 53 } divert-to 127.0.0.1 port 3355

# I have found this rule (pass out quick on igb1 inet proto udp from any to
port 53 flags S/SA keep state divert-reply) on Google, but I got this error:
/etc/pf.conf:83: divert-reply has no meaning in FreeBSD pf(4)
pfctl: Syntax error in config file: pf rules not loaded


FreeBSD 14.0-CURRENT pf.conf(5) man page

     divert-to <host> port <port>
           Used to redirect packets to a local socket bound to host and port.
           The packets will not be modified, so getsockname(2) on the socket
           will return the original destination address of the packet.

     divert-reply
           Used to receive replies for sockets that are bound to addresses
           which are not local to the machine.  See setsockopt(2) for
           information on how to bind these sockets.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
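The divert-to semantics quoted above from pf.conf(5), and the rule the reporter uses, are what this bug is about. As an added example that is not part of the bug report or of FreeBSD's own code, the program below is a minimal divert-socket consumer in C for that rule: it binds the divert port, reads each diverted packet, parses the IPv4/UDP header, and writes the packet back unchanged with sendto(2). It assumes the rule's port 3355 (overridable on the command line), the divert(4) socket API (PF_DIVERT on FreeBSD 14, PF_INET with IPPROTO_DIVERT on older releases), and a constructed sample packet for the self-test; the socket code compiles only on FreeBSD, the header parser runs anywhere.

```c
/* Added example, not from the bug report or FreeBSD's own sources: a minimal
 * divert-socket consumer for the reporter's "divert-to 127.0.0.1 port 3355" rule.
 * The socket code is FreeBSD-only; the parser and sample packet are portable. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Addresses and ports in host byte order; ports are 0 unless UDP or TCP. */
struct ipv4_info { uint32_t src, dst; uint8_t proto; uint16_t sport, dport; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* RFC 1071 one's-complement sum over the header; 0 means the checksum verifies. */
static uint16_t ip_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i += 2)
        sum += (i + 1 < len) ? be16(hdr + i) : (uint32_t)hdr[i] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Parse the IPv4 header of a diverted packet (divert hands over the whole IP
 * packet, unmodified). Returns 0 on success, -1 if it is not well formed. */
int parse_ipv4(const uint8_t *pkt, size_t len, struct ipv4_info *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, tot = be16(pkt + 2);
    if (ihl < 20 || ihl > len || tot < ihl || tot > len || ip_checksum(pkt, ihl) != 0)
        return -1;
    memset(out, 0, sizeof *out);
    out->proto = pkt[9];
    out->src = be32(pkt + 12);
    out->dst = be32(pkt + 16);
    if ((out->proto == IPPROTO_UDP || out->proto == IPPROTO_TCP) && tot >= ihl + 4) {
        out->sport = be16(pkt + ihl);
        out->dport = be16(pkt + ihl + 2);
    }
    return 0;
}

/* Constructed sample the rule above would divert: a 28-byte IPv4/UDP packet
 * 192.0.2.10:40000 -> 198.51.100.53:53 with the header checksum (0x3c2a) filled in. */
const uint8_t sample_dns_packet[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x12, 0x34, 0x40, 0x00, 0x40, 0x11, 0x3c, 0x2a,
    192, 0, 2, 10, 198, 51, 100, 53, 0x9c, 0x40, 0x00, 0x35, 0x00, 0x08, 0x00, 0x00 };

#ifdef __FreeBSD__
/* Bind the divert socket the rule points at and echo every packet back. The classic
 * form is socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT); FreeBSD 14 adds PF_DIVERT. */
static int divert_loop(uint16_t port)
{
#ifdef PF_DIVERT
    int fd = socket(PF_DIVERT, SOCK_RAW, 0);
#else
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
#endif
    struct sockaddr_in me = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (fd < 0 || bind(fd, (struct sockaddr *)&me, sizeof me) < 0) { perror("divert socket"); return -1; }
    static uint8_t buf[65535];
    for (;;) {
        struct sockaddr_in from; socklen_t fromlen = sizeof from;
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&from, &fromlen);
        if (n < 0) break;
        struct ipv4_info info;
        if (parse_ipv4(buf, (size_t)n, &info) == 0)
            printf("diverted %zd bytes: proto %u, port %u -> %u\n", n, info.proto, info.sport, info.dport);
        /* Write it back unchanged with the sockaddr recvfrom filled in so the kernel keeps
         * the original direction; under pf divert-to this is the write-back that loops. */
        if (sendto(fd, buf, (size_t)n, 0, (struct sockaddr *)&from, fromlen) < 0)
            perror("sendto");
    }
    close(fd);
    return -1;
}
#endif

int main(int argc, char **argv)
{
    struct ipv4_info info;
    if (parse_ipv4(sample_dns_packet, sizeof sample_dns_packet, &info) != 0)
        return 1;
    printf("sample parses: proto %u, dport %u\n", info.proto, info.dport);
#ifdef __FreeBSD__
    return divert_loop(argc > 1 ? (uint16_t)atoi(argv[1]) : 3355) == 0 ? 0 : 1;
#else
    (void)argc; (void)argv;
    return 0;
#endif
}
```

Run it as root on the box with the pf rule loaded (`./divert 3355`) and send a DNS query in through igb1; each diverted packet is parsed, printed and handed straight back with the sockaddr that recvfrom returned. Whether that written-back packet re-enters pf and is diverted again is exactly the behaviour this bug reports; the program makes no attempt to work around it, so it is a direct way to reproduce the loop and compare releases.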