Project

General

Profile

Actions

Bug #2665

closed

'pass out' on gif matches inbound traffic

Added by Chris Buechler about 12 years ago. Updated about 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Ermal Luçi
Category:
Operating System
Target version:
Start date:
10/29/2012
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

traffic coming in on a gif interface wrongly matches the out direction on the gif. For instance this:

pass out route-to ( gif0 2610:x:x:x::2 ) inet6 from 2610:x:x:x::1/64 to !2610:x:x:x::1/64 keep state 

traffic inbound on gif0 matches that rule and applies the route-to, which breaks connectivity from the IP on the remote side of the gif as it gets routed right back out the gif where it came in. Take out the route-to and reload the ruleset, and it works. Still wrongly matches the 'pass out' rule though.

Actions #1

Updated by Ermal Luçi about 12 years ago

  • Status changed from New to Feedback

This is not a mismatch of the rule but just how the system works.
There should be teached to pf(4) route-to for v6 to bypass this as done on v4.

The fix for now is just to remove the prefix on the source part of the rule.

Actions #2

Updated by Ermal Luçi about 12 years ago

  • Target version changed from 2.1 to 2.2
Actions #3

Updated by Chris Buechler about 12 years ago

  • Affected Version deleted (2.1)
Actions #4

Updated by Jim Thompson over 10 years ago

  • Assignee set to Ermal Luçi
Actions #5

Updated by Chris Buechler about 10 years ago

  • Status changed from Feedback to Resolved

fixed

Actions

Also available in: Atom PDF