udp - weird behavior of reply-to

Marek Zarychta zarychtam at plan-b.pwste.edu.pl
Mon Jan 9 17:25:30 UTC 2017


On Sun, Jan 08, 2017 at 07:08:10PM +0100, Kristof Provost wrote:
> On 8 Jan 2017, at 15:55, Marek Zarychta wrote:
> The problem description doesn’t ring any bells with me, but I’m also
> not sure I’ve fully understood it.  Can you document a minimal
> reproduction scenario, with a pf.conf and perhaps network captures
> documenting the problem?
> 
> There’s certainly not been a conscious decision to break UDP reply-to.
> 

Let me apologize, the problem wasn't previously properly identified.  It
seems to be more a problem of the UDP protocol implementation than a PF
issue.  UDP sockets are opened and bound to the address of the outgoing
interface (the interface which has a route to the client). Because the
socket is not bound to the incoming interface, the PF reply-to rules
couldn't be evaluated.  By the way, TCP sockets are bound to the interface
where the traffic arrives and everything works fine.
This machine is i386 running 11.0-STABLE r311772.

The problem remains unresolved. Are there any corresponding sysctls
correcting this behavior and enabling the opportunity to use the
PF-assisted symmetric routing scenario again?

-- 
Marek Zarychta