Hi everybody,

I've been working on a really strange problem today. Last night I
upgraded to a snapshot of OpenBSD 3.4 (dated 15th of September).
I took our existing pf ruleset and loaded it. Everything seems
fine except for one thing. We have one machine which we route
based on source with the route-to flag. This worked fine with
3.1 but with the snapshot it does something really strange. It
seems to lose the first packet it sends. The network stack then
resends the packets and everything goes fine.

If I do a "telnet xxx.232.213.1 25" I can see the following
traffic on the incoming interface (rl0).

17:16:55.221973 yyy.5.11.201.46976 > xxx.232.213.1.25: S 1791151904:1791151904(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 531317162 0> (DF) [tos 0x10]
17:17:01.212632 yyy.5.11.201.46976 > xxx.232.213.1.25: S 1791151904:1791151904(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 531317174 0> (DF) [tos 0x10]
17:17:01.255003 xxx.232.213.1.25 > yyy.5.11.201.46976: S 512737684:512737684(0) ack 1791151905 win 10136 <nop,nop,timestamp 3267980293 531317174,nop,wscale 0,mss 1460> (DF)


On the outgoing interface it looks like (rl2):

17:17:01.212681 zzz.253.135.162.52756 > xxx.232.213.1.25: S 1791151904:1791151904(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 531317174 0> (DF) [tos 0x10]
17:17:01.254979 xxx.232.213.1.25 > zzz.253.135.162.52756: S 512737684:512737684(0) ack 1791151905 win 10136 <nop,nop,timestamp 3267980293 531317174,nop,wscale 0,mss 1460> (DF)


So it looks like the first SYN packet is ignored but the second one
makes it through. A subset of our ruleset looks like this:

nat on rl0 from yyy.5.11.201 to any -> rl2
pass out quick on rl0 route-to (rl2 zzz.253.135.161) from zzz.253.135.162 to any keep state label bp-traffic


rl0 has the ip of yyy.5.11.200 and rl2 has zzz.253.135.162.

Does anyone have a clue about what is happening? I'm really
confused now.

Thanks in advance,
Nickus
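The symptom in the post (a SYN that is answered only after the sender's retransmission timer fires) is something you can pick out of a tcpdump capture mechanically rather than by eye. The following is an added example, not code from the post or from OpenBSD: it parses old-style tcpdump TCP lines, groups pure SYNs by 4-tuple and initial sequence number, reports any SYN that had to be sent more than once together with the gap between the first and last attempt, and checks whether a SYN/ACK acknowledging that ISN was eventually seen. The sample capture is the three rl0 lines from the post with the obfuscated addresses kept as placeholders; the regex assumes the `src.port > dst.port: FLAGS seq:seq(len) [ack N]` layout those lines use.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the three packets seen on rl0 in the post.
# Addresses are the post's placeholders (xxx/yyy), not real hosts.
RL0_CAPTURE = """\
17:16:55.221973 yyy.5.11.201.46976 > xxx.232.213.1.25: S 1791151904:1791151904(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 531317162 0> (DF) [tos 0x10]
17:17:01.212632 yyy.5.11.201.46976 > xxx.232.213.1.25: S 1791151904:1791151904(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 531317174 0> (DF) [tos 0x10]
17:17:01.255003 xxx.232.213.1.25 > yyy.5.11.201.46976: S 512737684:512737684(0) ack 1791151905 win 10136 <nop,nop,timestamp 3267980293 531317174,nop,wscale 0,mss 1460> (DF)
"""

# Old-style tcpdump TCP line: "HH:MM:SS.usec src.port > dst.port: FLAGS seq:seq(len) [ack N] ..."
# The greedy \S+ for the host backtracks to the last dot so the port splits off.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFPR.]+) "
    r"(?:(?P<seq>\d+):\d+\(\d+\))?"
    r"(?: ack (?P<ack>\d+))?"
)


def parse_tcp_line(line):
    """Return a dict for one tcpdump TCP line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%H:%M:%S.%f"),
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
        "flags": m["flags"],
        "seq": int(m["seq"]) if m["seq"] else None,
        "ack": int(m["ack"]) if m["ack"] else None,
    }


def find_syn_retransmits(capture):
    """Find SYNs that were sent more than once for the same connection attempt.

    A pure SYN (S flag, no ack) repeated with the same src, sport, dst, dport
    and ISN is a retransmission: the sender's timer fired because no SYN/ACK
    came back. For each such attempt, report the number of tries, the gap in
    seconds between first and last try, and whether a SYN/ACK acknowledging
    ISN+1 from the peer was seen at all.
    """
    syns = defaultdict(list)   # (src, sport, dst, dport, isn) -> [timestamps]
    syn_acks = set()           # (src, sport, dst, dport, ack) of SYN/ACKs seen
    for line in capture.splitlines():
        pkt = parse_tcp_line(line)
        if pkt is None or "S" not in pkt["flags"]:
            continue
        if pkt["ack"] is None:
            key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["seq"])
            syns[key].append(pkt["ts"])
        else:
            syn_acks.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["ack"]))

    results = []
    for (src, sport, dst, dport, isn), times in syns.items():
        if len(times) < 2:
            continue
        times.sort()
        results.append({
            "src": src, "sport": sport, "dst": dst, "dport": dport, "isn": isn,
            "attempts": len(times),
            "gap_s": round((times[-1] - times[0]).total_seconds(), 3),
            # The peer's SYN/ACK travels dst -> src and acks ISN+1.
            "answered": (dst, dport, src, sport, isn + 1) in syn_acks,
        })
    return results


if __name__ == "__main__":
    for r in find_syn_retransmits(RL0_CAPTURE):
        print(f"{r['src']}:{r['sport']} -> {r['dst']}:{r['dport']} isn={r['isn']} "
              f"tries={r['attempts']} gap={r['gap_s']}s answered={r['answered']}")
```

Run against the rl0 lines it reports one connection attempt with two tries about six seconds apart that was answered only after the second SYN, which is exactly the "first packet lost, retransmit succeeds" pattern described above; run against a capture from the rl2 side it would report nothing, since only the second SYN ever appeared there. Feeding both interfaces' captures through it is a quick way to confirm where the packet disappears.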

