kern/121704: PF mangles loopback packets

Josh Paetzel josh at tcbug.org
Fri Mar 14 15:20:02 UTC 2008


>Number:         121704
>Category:       kern
>Synopsis:       PF mangles loopback packets
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 14 15:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Josh Paetzel
>Release:        FreeBSD 6.3-RELEASE i386
>Organization:
>Environment:


System: FreeBSD 6.3-RELEASE #1: Mon Feb 11 03:00:24 UTC 2008
    jpaetzel@homebase.tcbug.org:/usr/obj/usr/src/sys/HOMEBASE



>Description:


PF appears to mangle packets on the loopback, even with pass all rules.


>How-To-Repeat:


simple pf.conf

pass in all keep state
pass out all keep state

root@homebase /home/jpaetzel ->cat echoserver.py
#!/usr/bin/env python

"""
A simple echo server
"""

import socket

host = ''
port = 50000
backlog = 5
size = 1024
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((host,port))
s.listen(backlog)
while 1:
    client, address = s.accept()
    data = client.recv(size)
    if data:
        client.send(data)
    client.close()

*********************************************

root@homebase /home/jpaetzel ->cat echoclient.py
#!/usr/bin/env python

"""
A simple echo client
"""

import socket , time

host = '127.0.0.2'
port = 50000
size = 1024
loop = 1
while 1:
    loop += 1
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host,port))
    s.send('Hello, world')
    data = s.recv(size)
    s.close()
    print '#', loop, 'received:', data, time.ctime()

Bring up echoserver.py on 127.0.0.2 (in a jail works), start echoclient.py on another loopback IP in the host environment or another jail and watch it go boom.  Disabling pf or set skip on lo0 lets it run indefinitely.


>Fix:


set skip on lo0 fixes the problem, unfortunately I need that too.


>Release-Note:
>Audit-Trail:
>Unformatted:
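
An added example, not part of the original report: a Python 3 probe for the How-To-Repeat procedure that stops at the first failed round trip and records whether it was a timeout, a reset, a refusal or an altered payload, which the report's client does not distinguish. The function names, the iteration bound and the 5-second timeout are assumptions; the 127.0.0.2 server address follows the report.

```python
import socket
import threading
import time

PAYLOAD = b"Hello, world"  # same payload as the report's client


def start_echo_server(host, port=0, backlog=5, size=1024):
    """Start an echo server in a daemon thread and return the port it bound."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(backlog)

    def serve():
        while True:
            client, _ = srv.accept()
            try:
                with client:
                    data = client.recv(size)
                    if data:
                        client.sendall(data)
            except OSError:
                continue  # a reset on one connection must not stop the server

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def probe(server_ip, port, source_ip=None, iterations=1000, timeout=5.0):
    """Run echo round trips; stop at the first failure and describe it."""
    src = (source_ip, 0) if source_ip else None
    for i in range(1, iterations + 1):
        started = time.monotonic()
        try:
            with socket.create_connection((server_ip, port), timeout=timeout, source_address=src) as s:
                s.sendall(PAYLOAD)
                data = s.recv(1024)
        except OSError as exc:  # covers timeouts, ECONNRESET and ECONNREFUSED
            return {"ok": i - 1, "failed_at": i, "kind": type(exc).__name__,
                    "detail": str(exc), "waited": round(time.monotonic() - started, 2)}
        if data != PAYLOAD:  # empty or altered echo
            return {"ok": i - 1, "failed_at": i, "kind": "payload mismatch", "detail": repr(data)}
    return {"ok": iterations, "failed_at": None, "kind": None, "detail": None}


if __name__ == "__main__":
    bound = start_echo_server("127.0.0.2")  # needs a 127.0.0.2 alias on lo0 (assumed present)
    print(probe("127.0.0.2", bound, source_ip="127.0.0.1", iterations=100000))
```

Running it once with pf enabled and once with `set skip on lo0` gives two result dictionaries to attach to the PR: the iteration at which the failure occurs and its error type.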

