[Bug 127920] [pf] ipv6 and synproxy don't play well together

Fri Aug 1 13:52:13 UTC 2014

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127920

vegeta at tuxpowered.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vegeta at tuxpowered.net

--- Comment #5 from vegeta at tuxpowered.net ---
The issue is also present in FreeBSD 10. What happens is that when synproxy
code sents a SYN+ACK reply to client's SYN packet, it gets dropped here:

sys/netpfil/pf/pf.c:
4153     if ((*state)->src.state == PF_TCPS_PROXY_SRC) {
4154         if (direction != (*state)->direction) {
4155             REASON_SET(reason, PFRES_SYNPROXY);
4156         return (PF_SYNPROXY_DROP);
4157     }

I'm a bit surprised why it does not happen for IPv4 though, unless direction is
wrong or the IPv4 packet does not match existing state.

-- 
You are receiving this mail because:
You are the assignee for the bug.