From kian@alvis.restek.wwu.edu  Sat May 24 21:48:04 2008
Return-Path: <kian@alvis.restek.wwu.edu>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 53F211065676
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 24 May 2008 21:48:04 +0000 (UTC)
	(envelope-from kian@alvis.restek.wwu.edu)
Received: from alvis.restek.wwu.edu (alvis.restek.wwu.edu [67.201.255.204])
	by mx1.freebsd.org (Postfix) with ESMTP id 492328FC0C
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 24 May 2008 21:48:04 +0000 (UTC)
	(envelope-from kian@alvis.restek.wwu.edu)
Received: from alvis.restek.wwu.edu (localhost [127.0.0.1])
	by alvis.restek.wwu.edu (8.14.2/8.14.2) with ESMTP id m4OLItLp082608;
	Sat, 24 May 2008 14:18:55 -0700 (PDT)
	(envelope-from kian@alvis.restek.wwu.edu)
Received: (from kian@localhost)
	by alvis.restek.wwu.edu (8.14.2/8.14.2/Submit) id m4OLIskF082607;
	Sat, 24 May 2008 14:18:54 -0700 (PDT)
	(envelope-from kian)
Message-Id: <200805242118.m4OLIskF082607@alvis.restek.wwu.edu>
Date: Sat, 24 May 2008 14:18:54 -0700 (PDT)
From: Kian Mohageri <kian.mohageri@gmail.com>
Reply-To: Kian Mohageri <kian.mohageri@gmail.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: kian@restek.wwu.edu
Subject: tcpdump does not see outgoing RST when pf is enabled
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         123965
>Category:       kern
>Synopsis:       [pf] tcpdump(1) does not see outgoing RST when pf is enabled
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-pf
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat May 24 21:50:01 UTC 2008
>Closed-Date:    Mon Jun 02 19:03:14 UTC 2008
>Last-Modified:  Mon Jun 02 19:03:14 UTC 2008
>Originator:     Kian Mohageri
>Release:        FreeBSD 7.0-RELEASE i386
>Organization:
>Environment:
System: FreeBSD alvis.restek.wwu.edu 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat Mar 1 17:41:33 PST 2008 root@alvis.restek.wwu.edu:/usr/obj/usr/src/sys/GENERIC i386

>Description:
When pf is enabled, block-policy is 'return', and a packet is blocked, pf sends a RST but tcpdump never sees it.

>How-To-Repeat:

 - Enable pf with 'set block-policy return' and rules to deny traffic
 - Start tcpdump on your FreeBSD 7 host
 - Try to connect to FreeBSD 7 host from somewhere (that will be rejected)
 - Notice that tcpdump sees the incoming SYN but not the outgoing RST
 - Disable pf and try again
 - Notice that tcpdump correctly sees both the SYN and the RST

In both cases, the RST *is* originating from the FreeBSD 7 host - that can be verified by tcpdumping on intermediate routers/firewalls.

If it's at all helpful information, a FreeBSD 6.3 host sees the SYN/RST in both cases.
>Fix:

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-pf 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon May 26 02:50:58 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123965 

From: Max Laier <max@love2party.net>
To: bug-followup@freebsd.org,
 kian.mohageri@gmail.com
Cc:  
Subject: Re: kern/123965: [pf] tcpdump(1) does not see outgoing RST when pf is enabled
Date: Mon, 26 May 2008 16:21:18 +0200

 This has been fixed with rev. 1.193 of sys/net/bpf.c or 1.181.2.2 in 
 RELENG_7.  See below for details.
 
 http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/bpf.c#rev1.181.2.2
 
 --
   Max

From: Kian Mohageri <kian@restek.wwu.edu>
To: bug-followup@FreeBSD.org, kian.mohageri@gmail.com
Cc:  
Subject: Re: kern/123965: [pf] tcpdump(1) does not see outgoing RST when pf
 is enabled
Date: Mon, 26 May 2008 11:10:21 -0700

 Cool, should have searched more thoroughly.  Thanks!
State-Changed-From-To: open->closed 
State-Changed-By: mlaier 
State-Changed-When: Mon Jun 2 19:02:49 UTC 2008 
State-Changed-Why:  
As noted in follow-up, this problem is fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123965 
>Unformatted:
