[Bug 207598] pf adds icmp unreach on gre/ipsec somehow

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue May 24 18:38:29 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207598

--- Comment #10 from Max <maximos at als.nnov.ru> ---
scrub on gre1 proto tcp max-mss 1360 (there is no "host unreachable" message).


21:28:54.220629 rule 0..16777216/0(match): pass in on em0: 192.168.10.1 >
192.168.10.254: GREv0, proto IPv4 (0x0800), length 1480: 10.10.1.1 > 10.10.3.1:
ICMP echo request, id 30473, seq 0, length 1456
21:28:54.220641 rule 0..16777216/0(match): pass in on gre0: 10.10.1.1 >
10.10.3.1: ICMP echo request, id 30473, seq 0, length 1456
21:28:54.220650 rule 0..16777216/0(match): pass out on gre1: 10.10.1.1 >
10.10.3.1: ICMP echo request, id 30473, seq 0, length 1456
21:28:54.220656 rule 0..16777216/0(match): pass out on em2: 192.168.30.254 >
192.168.30.1: GREv0, proto IPv4 (0x0800), length 1480: 10.10.1.1 > 10.10.3.1:
ICMP echo request, id 30473, seq 0, length 1456
21:28:54.220700 rule 0..16777216/0(match): pass in on em0: 192.168.10.1 >
192.168.10.254: GREv0, proto IPv4 (0x0800), length 26: 10.10.1.1 > 10.10.3.1:
ip-proto-1
21:28:54.220704 rule 0..16777216/0(match): pass in on gre0: 10.10.1.1 >
10.10.3.1: ip-proto-1
21:28:54.220710 rule 0..16777216/0(match): pass out on gre1: 10.10.1.1 >
10.10.3.1: ip-proto-1
21:28:54.220716 rule 0..16777216/0(match): pass out on em2: 192.168.30.254 >
192.168.30.1: GREv0, proto IPv4 (0x0800), length 26: 10.10.1.1 > 10.10.3.1:
ip-proto-1
21:28:54.220824 rule 0..16777216/0(match): pass in on em2: 192.168.30.1 >
192.168.30.254: GREv0, proto IPv4 (0x0800), length 1480: 10.10.3.1 > 10.10.1.1:
ICMP echo reply, id 30473, seq 0, length 1456
21:28:54.220829 rule 0..16777216/0(match): pass in on gre1: 10.10.3.1 >
10.10.1.1: ICMP echo reply, id 30473, seq 0, length 1456
21:28:54.220835 rule 0..16777216/0(match): pass out on gre0: 10.10.3.1 >
10.10.1.1: ICMP echo reply, id 30473, seq 0, length 1456
21:28:54.220840 rule 0..16777216/0(match): pass out on em0: 192.168.10.254 >
192.168.10.1: GREv0, proto IPv4 (0x0800), length 1480: 10.10.3.1 > 10.10.1.1:
ICMP echo reply, id 30473, seq 0, length 1456
21:28:54.220880 rule 0..16777216/0(match): pass in on em2: 192.168.30.1 >
192.168.30.254: GREv0, proto IPv4 (0x0800), length 26: 10.10.3.1 > 10.10.1.1:
ip-proto-1
21:28:54.220886 rule 0..16777216/0(match): pass in on gre1: 10.10.3.1 >
10.10.1.1: ip-proto-1
21:28:54.220892 rule 0..16777216/0(match): pass out on gre0: 10.10.3.1 >
10.10.1.1: ip-proto-1
21:28:54.220899 rule 0..16777216/0(match): pass out on em0: 192.168.10.254 >
192.168.10.1: GREv0, proto IPv4 (0x0800), length 26: 10.10.3.1 > 10.10.1.1:
ip-proto-1

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-pf mailing list