>Synopsis: pf: UDP divert-to to a local addr won't send traffic back
>Category: kernel pf amd64
>Environment:
System : OpenBSD 7.5
Details : OpenBSD 7.5-current (GENERIC) #177: Wed Jul 10 06:03:30 MDT 2024
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
The pf rule:
pass in quick inet6 proto udp to egress divert-to ::1 port 12345
diverts traffic from client -> server -> localhost:12345. Incoming
UDP traffic is received on localhost, as expected.
The server listening on localhost, however, can't send UDP traffic
back.
A local socket is being used, so "divert-reply" doesn't seem to apply
here. There is no indication the response is being blocked by other
pf rules.
>How-To-Repeat:
On the server side:
pass in quick inet6 proto udp to egress divert-to ::1 port 12345
# nc -u -k -l ::1 12345
On the client side:
$ nc -u $server_ipv6 65000
Anything typed in the client nc will appear on the server nc. Typing
on the server nc won't show in the client one. This incoming/outgoing
nc test works when using a TCP divert-to rule.
>Fix:
Unknown.
Thanks,
--Kor