[Bug 207598] pf adds icmp unreach somehow

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207598

            Bug ID: 207598
           Summary: pf adds icmp unreach somehow
           Product: Base System
           Version: 10.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: emz at norma.perm.ru

FreeBSD:

FreeBSD moscow-alpha 10.2-STABLE FreeBSD 10.2-STABLE #0 r286954: Fri Aug 21
08:33:14 MSK 2015     emz at moscow-alpha:/usr/obj/usr/src/sys/MOSCOW  amd64

Network scheme:

(FreeBSD A) <---(gre inside ipsec)---> (FreeBSD B) <---gre inside ipsec--->
(FreeBSD C)

(uname taken from B)

Issue:

PF is on
A pings B with icmp packets < gre MTU = everything is OK
A pings C with icmp packets < gre MTU = everything is OK

A pings B with icmp packets > gre MTU = everything is OK
A pings C with icmp packets > gre MTU = got two answers, a normal ICMP reply
from C, and an ICMP unreach from B:

[emz at big-cherkiz5-1:~]# ping -s 4096 192.168.7.127
PING 192.168.7.127 (192.168.7.127): 4096 data bytes
36 bytes from 172.16.5.214: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 055c a28a   0 0000  40  01 3908 172.16.5.215  192.168.7.127 

4104 bytes from 192.168.7.127: icmp_seq=0 ttl=61 time=62.119 ms
^C
--- 192.168.7.127 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 62.119/62.119/62.119/0.000 ms

Workaround: disable pf on B. With pf disabled on B, situation resolves back to
normal.
The issue was first seen somewhere on 10-STABLE, didn't resolve so far. I've
talk with tough guys, like ae@, he told me to report it, since it cannot be
explained by configuration errors.

-- 
You are receiving this mail because:
You are the assignee for the bug.