[Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute)

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 24 Aug 2024 08:25:05 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280701

--- Comment #52 from Dr. Uwe Meyer-Gruhl <freebsd_email@congenio.de> ---
If you do not understand and / or believe what is left broken, read the reports
of how ND fails even after applying the patches contained here.

If you want to construct a test setup to cover this, try directing the
following command from another machine to a potentially affected FreeBSD
machine and look at the results:

while :
do
        ndisc6 -m -n -r 1 fe80::1111:2222:3333:4444 eth0
done

Of course, fill in the target's EUI-64 instead of 1111:2222:3333:4444 and use
the correct interface instead of eth0.

You will find that even after the current commits, a machine with the SA
applied does not always respond in due time to these requests and the requests
time out, whereas a machine without the SA always answers correctly.

-- 
You are receiving this mail because:
You are the assignee for the bug.