Near-term pf plans

Kristof Provost kp at FreeBSD.org
Sun Sep 6 03:21:57 UTC 2015


> On 05 Sep 2015, at 23:17, Niels <niels at netbox.org> wrote:
> 
> 
>> On 24 Aug 2015, at 18:16, Kristof Provost <kp at FreeBSD.org> wrote:
>> 
>>>> - PR 202351
>>>> This is a panic after ip6 reassembly in pf. We set the rcvif to NULL
>>>> when refragmenting. That seems to go OK except when we're refragmenting
>>>> broadcast/multicast packets in the forwarding path. It's not at all
>>>> clear to me how that could happen.
>>> 
>>> if_bridge wants to forward ipv6 multicasts. pf refragmentation code tries to send out the resulting packets using ip6_forward() which does not handle multicasts, drops the packet and tries to log that fact, which causes the panic.
>>> 
>>> I’ve updated the PR with some more thoughts about this.
>>> 
>> Yes, I saw that pass by earlier. Thanks for that, I think you did a great analysis.
>> 
>> Unfortunately there are other issues with pf on bridges. (See PR 185633 for example)
>> I wouldn’t expect the fragmentation and reassembly to work at all in that scenario.
>> 
>> I’ll see what I can do about at least fixing the panic in the short term.
>> Even if the reassembly/refragmentation doesn’t work (on bridges) we should at least not panic.
>> 
>> Regards,
>> Kristof
> 
> Is this just the very same issue I see after upgrading to i386 releng/10.2 on my pf/bridge/ip6 router?
> 
> It has a bunch of interfaces bridged on the lan, and an mpd/ng interface with IP6 default route over it. Right after booting it crashes with
Yes. There’s a fix on current as of r287376.

Regards,
Kristof

