[Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute)

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 14 Aug 2024 07:53:05 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280701

--- Comment #15 from doktornotor <doktornotor@mailinator.com> ---
(In reply to commit-hook from comment #14)

Unfortunately, that fixes IPv4 but is even more broken with ICMPv6, now even
the first hop (the FreeBSD router) is not shown from machines behind the
router. 

Windows 11 machine:

> tracert -6 www.google.com

Tracing route to www.google.com [2a00:1450:4014:80a::2004]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     7 ms     7 ms     7 ms  prg03s10-in-x04.1e100.net
[2a00:1450:4014:80a::2004]

Trace complete.

Ubuntu 22 LTS machine:

$ traceroute6 -I www.google.com
traceroute to www.google.com (2a00:1450:4014:80a::2004), 30 hops max, 80 byte
packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  prg03s10-in-x04.1e100.net (2a00:1450:4014:80a::2004)  6.992 ms  7.055 ms 
7.051 ms


Directly from the router, it works. 

# traceroute6 -I www.google.com
traceroute6 to www.google.com (2a00:1450:4014:80a::2004) from 2001:1ae9::xxxx,
64 hops max, 20 byte packets
 1  * * *
 2  * * *
 3  2001:af0:f::1da  6.427 ms  6.587 ms *
 4  2001:4860:1:1::1d50  6.787 ms  6.929 ms  6.860 ms
 5  2001:4860:0:1::7ee5  6.873 ms  6.702 ms  6.545 ms
 6  2001:4860:0:1::389b  7.082 ms  6.724 ms  6.658 ms
 7  prg03s10-in-x04.1e100.net  6.766 ms  6.754 ms  6.170 ms


 # mtr -wrn -c 10 -6 www.google.com
Start: 2024-08-14T09:47:37+0200
HOST: gw.localocaldomain         Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- ???                      100.0    10    0.0   0.0   0.0   0.0   0.0
  2.|-- ???                      100.0    10    0.0   0.0   0.0   0.0   0.0
  3.|-- 2001:af0:f::1da          60.0%    10    6.7   7.0   6.7   7.3   0.3
  4.|-- 2001:4860:1:1::1d50       0.0%    10    7.0   7.0   6.6   7.6   0.3
  5.|-- 2001:4860:0:1::7ee5       0.0%    10    7.0   6.9   6.6   7.4   0.3
  6.|-- 2001:4860:0:1::389b       0.0%    10    7.0   7.1   6.6   7.7   0.3
  7.|-- 2a00:1450:4014:80a::2004  0.0%    10    6.7   7.0   6.7   7.3   0.2

-- 
You are receiving this mail because:
You are the assignee for the bug.