https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291527
Bug ID: 291527
Summary: pf: NAT64 af-to generates garbage ICMP error packet when TTL exceeded
Product: Base System
Version: 16.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
tested on main from today (701e4b36b4510c8cf26155ec3ab5aca9b7ba9406), amd64, in
a jail.
when using "af-to inet" (NAT64) in pf, and the router originates a TTL exceeded
error (e.g., in the first hop of traceroute that reaches the NAT64 router), the
generated packet is garbage.
the traceroute packet which causes the error to be originated:
19:44:11.315080 IP6 (hlim 1, next-header ICMPv6 (58) payload length: 20) fd00:0:0:1::c > 64:ff9b::101:101: [icmp6 sum ok] ICMP6, echo request, id 6279, seq 1
the packet generated by the router:
19:44:11.315144 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 48) fe80::2 > 101:0:a00:1:101:101:800:df77: [icmp6 sum ok] ICMP6, unknown icmp6 type (11), length 48
0x0000: 0b00 5509 0000 0000 4500 0028 5a61 0000
0x0010: 0101 0000 0a00 0001 0101 0101 0800 df77
0x0020: 1887 0001 0000 0000 0000 0000 0000 0000
pf.conf:
----o<----
pass in
pass out
pass in on nat64b inet6 from any to 64:ff9b::/96 af-to inet from 10.0.0.1/32
----o<----
rc.conf:
----o<----
ifconfig_nat64b="inet 10.0.0.1/32"
ifconfig_nat64b_ipv6="inet6 fe80::2/64"
ipv6_defaultrouter="fe80::1%nat64b"
defaultrouter="-inet6 $ipv6_defaultrouter"
pf_enable=YES
----o<----
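
Added example, not part of the original report: a decoder for the 48-byte payload in the hex dump above, read as an ICMPv4-style error (8-byte header followed by the quoted IPv4 packet), which also locates the 16 bytes tcpdump printed as the IPv6 destination inside that payload. The function names are chosen for this example; the byte values and the destination address are copied from the report.

```python
import ipaddress
import struct

# ICMPv6 payload exactly as shown in the report's hex dump (48 bytes).
DUMP = bytes.fromhex(
    "0b00550900000000450000285a610000"
    "010100000a000001010101010800df77"
    "18870001000000000000000000000000"
)
# Destination address of the generated packet, from the report's tcpdump line.
REPORTED_DST = ipaddress.IPv6Address("101:0:a00:1:101:101:800:df77")


def decode(payload: bytes) -> dict:
    """Parse the payload as an ICMP error quoting an IPv4 header + ICMP echo."""
    outer_type, outer_code = payload[0], payload[1]
    ip = payload[8:28]  # quoted packet follows the 8-byte ICMP error header
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum = struct.unpack(
        "!BBHHHBBH", ip[:12])
    inner_type, _code, _icsum, echo_id, echo_seq = struct.unpack(
        "!BBHHH", payload[28:36])
    return {
        "outer_type": outer_type, "outer_code": outer_code,
        "ip_version": ver_ihl >> 4, "ihl_bytes": (ver_ihl & 0xF) * 4,
        "total_len": total_len, "ttl": ttl, "proto": proto,
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
        "inner_type": inner_type, "echo_id": echo_id, "echo_seq": echo_seq,
    }


def find_dst_in_payload(payload: bytes, dst: ipaddress.IPv6Address) -> int:
    """Return the payload offset where the 16 destination bytes occur, or -1."""
    return payload.find(dst.packed)


if __name__ == "__main__":
    for key, value in decode(DUMP).items():
        print(f"{key:>10}: {value}")
    print("dst bytes at payload offset",
          find_dst_in_payload(DUMP, REPORTED_DST))
```

The decoded fields give outer type 11 (the ICMPv4 Time Exceeded type number), a quoted IPv4 header from 10.0.0.1 to 1.1.1.1 with TTL 1, and echo id 6279 as in the original request. The destination bytes are found at payload offset 16, which is the TTL field of the quoted IPv4 header.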