From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
Date: Mon, 06 Jun 2022 14:29:13 +0000
List-Id: Technical discussion and general questions about packet filter (pf)
List-Archive: https://lists.freebsd.org/archives/freebsd-pf
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.0-RELEASE
X-Bugzilla-Keywords: needs-qa, regression
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: kp@freebsd.org
X-Bugzilla-Status: Open
X-Bugzilla-Assigned-To: pf@FreeBSD.org
X-Bugzilla-Flags: mfc-stable13? mfc-stable12-

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193

--- Comment #7 from Kristof Provost ---
(In reply to oleg from comment #6)

Packets can pass through pf multiple times. When forwarding they pass through
coming into the network and again on the way out (post-routing), for example.

In this case what I'm saying is that the original SYN packet that starts the
connection (and carries the MSS option) passes through pf once, does not hit
the scrub rule, because it's going to go out epair0b, is then processed by the
'pass route-to' rule, which it matches and causes it to be sent out through
epair1b.
It does not pass through pf a second time, so it does not hit the scrub rule
and does not get its MSS adjusted.
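
To confirm on the wire whether a SYN leaving epair1b had its MSS adjusted, the MSS option can be read from the captured TCP header. The following is an added example, not part of the bug report or of pf; the sample headers, ports and the max-mss value of 1400 are constructed for illustration.

```python
import struct

def tcp_mss(tcp_header: bytes):
    """Return the MSS option value from a raw TCP header, or None if absent."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    hdr_len = (tcp_header[12] >> 4) * 4          # data offset, in bytes
    if hdr_len < 20 or hdr_len > len(tcp_header):
        raise ValueError("bad data offset")
    opts, i = tcp_header[20:hdr_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                            # End of Option List
            break
        if kind == 1:                            # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind == 2 and length == 4:            # Maximum Segment Size
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def mss_status(tcp_header: bytes, max_mss: int) -> str:
    """Classify a captured TCP header against the scrub rule's max-mss."""
    mss = tcp_mss(tcp_header)                    # also validates header lengths
    if not tcp_header[13] & 0x02:                # SYN flag not set
        return "not-syn"
    if mss is None:
        return "no-mss-option"
    return "within-limit" if mss <= max_mss else "exceeds-limit"

def sample_syn(mss: int) -> bytes:
    """Constructed SYN header: MSS, NOP, window-scale options; checksum left 0."""
    fixed = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 7 << 4, 0x02, 65535, 0, 0)
    return fixed + struct.pack("!BBH", 2, 4, mss) + bytes([1, 3, 3, 7])

if __name__ == "__main__":
    MAX_MSS = 1400                               # constructed value, not from the report
    for label, hdr in (("unscrubbed", sample_syn(1460)), ("scrubbed", sample_syn(1400))):
        print(label, tcp_mss(hdr), mss_status(hdr, MAX_MSS))
```

A SYN captured on the egress interface that reports "exceeds-limit" matches the behaviour described in the comment: the packet left without passing the scrub rule.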