kern/110698: nat rule of pf without "on" clause causes invalid packed chksum

Vladimir V. Kalashnikov hw at ksue.edu.ua
Fri Mar 23 09:00:12 UTC 2007 

>Number:         110698
>Category:       kern
>Synopsis:       nat rule of pf without "on" clause causes invalid packed chksum
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 23 09:00:10 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Vladimir V. Kalashnikov
>Release:        FreeBSD 6.2-STABLE #9
>Organization:
Kharkov State University of Economics
>Environment:
System: FreeBSD sprite.local 6.2-STABLE FreeBSD 6.2-STABLE #9: Thu Mar 22 12:30:19 EET 2007
>Description:
    Such rule:
        nat from $local_me to ! local -> { ($if1), ($if2) } round-robin
    i.e. without corresponding "on iface" clause causes outgoing packets
    to be with incorrect checksum. this behaviour is only applied to packets
    originated from kernel (i.e. locally bound sockets). packets, that
    arrive on interfaces and travels thru system are processed correctly.

    it doesn't matter whether "local_me" specified as a single address or
    as a member of "some_table". i tried multiply configurations and
    effect was reproducible (from FreeBSD v6.1 PRERELEASE up to current RELEASE)

>How-To-Repeat:
    pf.conf file with rule:
        table local const { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }
        nat from $local_me to ! local -> ($external_if)
        pass out quick route-to ($external_if $external_peer) from $external_me to ! <local>
        # dunno if last rule has effect, but i have multply outbound
        # interfaces and "floating" default route, so i need symmetric
        # outgoing routing

    then to check we run (with effect):
      # tcpdump -v -v -v -l -s 1600 -i vlan0 host f1news.ru                           

###### S, cksum 0xee62 (incorrect (-> 0xfcc5), 3464239052:3464239052(0)
###### here the effect ^^^^^^^^^^^^^^^^^^^^^^^

      # telnet f1news.ru 80

     and we may run telnet from the local network, everything will go OK

>Fix:
     i looked inside /usr/src/sys/contrib/pf/net/pf.c but dunno
     what to change here, seems invokation pf_cksum_fixup()
     has been forgotten somewhere

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list