kern/75036: pf / icmp 64 / operation wrongfully not permitted?

Arne Wörner arne_woerner at yahoo.com
Mon Dec 13 15:40:28 PST 2004


>Number:         75036
>Category:       kern
>Synopsis:       pf / icmp 64 / operation wrongfully not permitted?
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 13 23:40:26 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Arne Wörner
>Release:        R5.3
>Organization:
>Environment:
FreeBSD neo.riddick.homeunix.org. 5.3-RELEASE FreeBSD 5.3-RELEASE #9: Thu Dec  2 20:23:28 UTC 2004     aw at neo.riddick.homeunix.org.:/usr/src/sys/i386/compile/RIDDICK  i386

>Description:
I just tried to do
  ping -R localhost
With pf enabled: The ping command says that the operation is not permitted.
With pf disabled: The ping command works as expected.

tcpdump (pflog) said that rule 2 (pass out quick on lo0 all) matched once for every sequence number:
 neo# tcpdump -nr /var/log/pflog icmp and rulenum 2
 23:23:34.017915 IP 127.0.0.1 > 127.0.0.1: icmp 64: echo request seq 9

>How-To-Repeat:
pf rules:
 scrub in all fragment reassemble
 block drop in log all
 pass in quick on lo0 all
 pass out quick on lo0 all
 block drop in log on tun0 all
 block drop in log on tun0 from any to (tun0)
 pass out log-all on tun0 proto icmp from (tun0) to any keep state
 pass out log-all on tun0 proto tcp from (tun0) to any keep state
 pass out log-all on tun0 proto udp from (tun0) to any keep state

ping said:
neo# ping -R localhost
PING localhost (127.0.0.1): 56 data bytes
ping: sendto: Operation not permitted
ping: sendto: Operation not permitted
^C
--- localhost ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

neo# ping localhost
PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.116 ms
^C
--- localhost ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.116/0.116/0.116/0.000 ms

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
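
Added note, not part of the original report: pf blocks IPv4 packets that carry IP options unless the last matching pass rule specifies allow-opts (see pf.conf(5)), and ping -R sets the Record Route IP option. The fragment below is an added example, not the submitter's configuration; it shows the two lo0 rules from the report beside a variant that permits IP options on the loopback interface only.

```conf
# Rules as given in the report. A packet with IP options that matches
# one of these pass rules is still dropped, because allow-opts is absent.
pass in  quick on lo0 all
pass out quick on lo0 all

# Added variant (use in place of the two rules above): packets with
# IP options may pass, but only on lo0.
pass in  quick on lo0 all allow-opts
pass out quick on lo0 all allow-opts

# The tun0 rules from the report are left without allow-opts, so
# option-bearing packets stay blocked on the external interface.
```

The modified ruleset can be parsed without loading it using pfctl -nf followed by the ruleset file.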

