From josh@tcbug.org  Fri Mar 14 15:12:14 2008
Return-Path: <josh@tcbug.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 772E11065674
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 14 Mar 2008 15:12:14 +0000 (UTC)
	(envelope-from josh@tcbug.org)
Received: from conn-smtp.mc.mpls.visi.com (conn.mc.mpls.visi.com [208.42.156.2])
	by mx1.freebsd.org (Postfix) with ESMTP id 5B8E08FC13
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 14 Mar 2008 15:12:14 +0000 (UTC)
	(envelope-from josh@tcbug.org)
Received: from mail.tcbug.org (mail.tcbug.org [208.42.70.163])
	by conn-smtp.mc.mpls.visi.com (Postfix) with ESMTP id 7B398787E
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 14 Mar 2008 10:12:13 -0500 (CDT)
Received: from homebase.tcbug.org (unknown [208.42.70.167])
	by mail.tcbug.org (Postfix) with ESMTP id 4EBEA6DA044
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 14 Mar 2008 10:12:13 -0500 (CDT)
Received: from homebase.tcbug.org (localhost [127.0.0.1])
	by homebase.tcbug.org (Postfix) with ESMTP id D97F93F41B
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 14 Mar 2008 10:12:04 -0500 (CDT)
Message-Id: <1205507524.58195@homebase.tcbug.org>
Date: Fri, 14 Mar 2008 10:12:04 -0500
From: "Josh Paetzel" <josh@tcbug.org>
To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@freebsd.org>
Subject: PF mangles loopback packets
X-Send-Pr-Version: gtk-send-pr 0.4.9 
X-GNATS-Notify:

>Number:         121704
>Category:       kern
>Synopsis:       [pf] PF mangles loopback packets
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-pf
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 14 15:20:01 UTC 2008
>Closed-Date:    Mon Sep 20 04:49:12 UTC 2010
>Last-Modified:  Mon Sep 20 04:49:12 UTC 2010
>Originator:     Josh Paetzel
>Release:        FreeBSD 6.3-RELEASE i386
>Organization:
>Environment:


System: FreeBSD 6.3-RELEASE #1: Mon Feb 11 03:00:24 UTC 2008
    jpaetzel@homebase.tcbug.org:/usr/obj/usr/src/sys/HOMEBASE



>Description:


PF appears to mangle packets on the loopback, even with pass all rules.


>How-To-Repeat:


simple pf.conf

pass in all keep state
pass out all keep state

root@homebase /home/jpaetzel ->cat echoserver.py
#!/usr/bin/env python

"""
A simple echo server
"""

import socket

host = ''
port = 50000
backlog = 5
size = 1024
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((host,port))
s.listen(backlog)
while 1:
    client, address = s.accept()
    data = client.recv(size)
    if data:
        client.send(data)
    client.close()

*********************************************

root@homebase /home/jpaetzel ->cat echoclient.py
#!/usr/bin/env python

"""
A simple echo client
"""

import socket , time

host = '127.0.0.2'
port = 50000
size = 1024
loop = 1
while 1:
    loop += 1
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host,port))
    s.send('Hello, world')
    data = s.recv(size)
    s.close()
    print '#', loop, 'received:', data, time.ctime()

Bring up echoserver.py on 127.0.0.2 (in a jail works), start
echoclient.py on another loopback IP in the host environment or another
jail and watch it go boom.  Disabling pf or using set skip on lo0 lets it
run indefinitely.


>Fix:


set skip on lo0 fixes the problem; unfortunately, I need that too.


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-pf 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat Mar 15 08:17:19 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=121704 
State-Changed-From-To: open->closed 
State-Changed-By: jpaetzel 
State-Changed-When: Mon Sep 20 04:47:28 UTC 2010 
State-Changed-Why:  
This hardware and FreeBSD version are long gone. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=121704 
>Unformatted:
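
A bounded variant of the How-To-Repeat procedure, written for Python 3 as an added example that is not part of the original report: it runs the echo server and client in one process and returns how many round trips completed plus the first error, so a run with pf filtering lo0 can be compared against one with set skip on lo0. The names run_probe and serve, the parameters and the ephemeral port are assumptions of this example, and any loopback address passed in must already be configured on lo0.

```python
import socket
import threading

PAYLOAD = b"Hello, world"  # same payload as the client in the report

def serve(listener, stop):
    """Echo one message per connection until `stop` is set."""
    listener.settimeout(0.2)
    while not stop.is_set():
        try:
            client, _ = listener.accept()
        except socket.timeout:
            continue
        with client:
            client.settimeout(2.0)
            try:
                client.sendall(client.recv(1024))
            except OSError:
                pass  # the client side records the failure

def run_probe(host="127.0.0.1", src=None, iterations=200, timeout=2.0):
    """Return (completed, failure); failure is None or the first error seen."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))  # ephemeral port instead of the report's 50000
    listener.listen(5)
    addr = (host, listener.getsockname()[1])
    stop = threading.Event()
    worker = threading.Thread(target=serve, args=(listener, stop), daemon=True)
    worker.start()
    completed, failure = 0, None
    bind_to = (src, 0) if src else None  # optional second loopback address
    try:
        for i in range(1, iterations + 1):
            try:
                with socket.create_connection(addr, timeout, bind_to) as s:
                    s.sendall(PAYLOAD)
                    data = s.recv(1024)
                if data != PAYLOAD:
                    raise OSError("echo mismatch: %r" % (data,))
            except OSError as exc:
                failure = {"iteration": i, "error": type(exc).__name__,
                           "errno": exc.errno, "detail": str(exc)}
                break
            completed = i
    finally:
        stop.set()
        worker.join()
        listener.close()
    return completed, failure
```

To mirror the report, pass the server's loopback address as host and a different loopback alias as src; a non-None failure gives the iteration and exception class at which the exchange first broke.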
