From nobody@FreeBSD.org  Sat Dec  4 18:11:29 2004
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6652D16A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  4 Dec 2004 18:11:29 +0000 (GMT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 58F9A43D5C
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  4 Dec 2004 18:11:29 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id iB4IBQA4016401
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 4 Dec 2004 18:11:26 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id iB4IBQli016387;
	Sat, 4 Dec 2004 18:11:26 GMT
	(envelope-from nobody)
Message-Id: <200412041811.iB4IBQli016387@www.freebsd.org>
Date: Sat, 4 Dec 2004 18:11:26 GMT
From: Bernhard Schmidt <berni@birkenwald.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: pf drops MLD reports
X-Send-Pr-Version: www-2.3

>Number:         74683
>Category:       kern
>Synopsis:       pf drops MLD reports
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    dhartmei
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Dec 04 18:20:15 GMT 2004
>Closed-Date:    Sun Dec 05 12:18:25 GMT 2004
>Last-Modified:  Sun Dec 05 12:18:25 GMT 2004
>Originator:     Bernhard Schmidt
>Release:        5.3-STABLE
>Organization:
none
>Environment:
FreeBSD heimdall.birkenwald.de 5.3-STABLE FreeBSD 5.3-STABLE #0: Wed Nov 24 00:48:49 CET 2004     root@heimdall.birkenwald.de:/usr/obj/usr/src/sys/HEIMDALL  i386

>Description:
When pf firewall is enabled even with a most simple ruleset

pass all

an IPv6 multicast daemon like pim6sd or xorp on the machine cannot receive MLD reports from multicast clients trying to subscribe a group.

A pcap dump (ethereal or tcpdump) of a report sample is available for download at 

http://www.birkenwald.de/~berni/tmp/mld.dump

when pf is disabled with "pfctl -d" Multicast works fine
>How-To-Repeat:
- Compile a kernel with PF, PIM and MROUTING
- Install /usr/ports/net/pim6sd and configure
- Load simple pf ruleset "pass all"
- Startup pim6sd in debugging mode and subscribe from a client to an IPv6 multicast group
- pfctl -d
- subscribe again, now pim6sd can see the MLD reports
>Fix:
      
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->mlaier 
Responsible-Changed-By: simon 
Responsible-Changed-When: Sat Dec 4 19:02:36 GMT 2004 
Responsible-Changed-Why:  
Over to pf maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=74683 
State-Changed-From-To: open->analyzed 
State-Changed-By: mlaier 
State-Changed-When: Sun Dec 5 02:56:26 GMT 2004 
State-Changed-Why:  
Daniel Hartmeier came up with the following patch: 

Index: pf.c 
=================================================================== 
RCS file: /cvs/freebsd/src/sys/contrib/pf/net/pf.c,v 
retrieving revision 1.23 
diff -u -r1.23 pf.c 
--- pf.c	24 Nov 2004 00:43:34 -0000	1.23 
+++ pf.c	5 Dec 2004 01:29:17 -0000 
@@ -6334,7 +6334,8 @@ 
goto done; 
} 
if (dir == PF_IN && pf_check_proto_cksum(m, off, 
-		    ntohs(h->ip6_plen), IPPROTO_TCP, AF_INET6)) { 
+		    ntohs(h->ip6_plen) - (off - sizeof(struct ip6_hdr)), 
+		    IPPROTO_TCP, AF_INET6)) { 
action = PF_DROP; 
goto done; 
} 
@@ -6372,7 +6373,8 @@ 
goto done; 
} 
if (dir == PF_IN && uh.uh_sum && pf_check_proto_cksum(m, 
-		    off, ntohs(h->ip6_plen), IPPROTO_UDP, AF_INET6)) { 
+		    off, ntohs(h->ip6_plen) - (off - sizeof(struct ip6_hdr)), 
+		    IPPROTO_UDP, AF_INET6)) { 
action = PF_DROP; 
goto done; 
} 
@@ -6411,7 +6413,8 @@ 
goto done; 
} 
if (dir == PF_IN && pf_check_proto_cksum(m, off, 
-		    ntohs(h->ip6_plen), IPPROTO_ICMPV6, AF_INET6)) { 
+		    ntohs(h->ip6_plen)  - (off - sizeof(struct ip6_hdr)), 
+		    IPPROTO_ICMPV6, AF_INET6)) { 
action = PF_DROP; 
goto done; 
} 


Responsible-Changed-From-To: mlaier->dhartmei 
Responsible-Changed-By: mlaier 
Responsible-Changed-When: Sun Dec 5 02:56:26 GMT 2004 
Responsible-Changed-Why:  
Over to Daniel for care taking. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=74683 
State-Changed-From-To: analyzed->closed 
State-Changed-By: dhartmei 
State-Changed-When: Sun Dec 5 12:17:05 GMT 2004 
State-Changed-Why:  
Now fixed in -rHEAD, solution confirmed by submitter, MFC pending. 
Thank you for the report. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=74683 
>Unformatted:
