doktornotor
commented
2 months ago Just linking here for reference that this downstream issue that is gone with that ultimate revert kernel from https://github.com/opnsense/src/commit/164bfe67604
đŸ™„
Open cloudz opened 2 months ago
doktornotor
commented
2 months ago Just linking here for reference that this downstream issue that is gone with that ultimate revert kernel from https://github.com/opnsense/src/commit/164bfe67604
đŸ™„
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
A clear and concise description of what the bug is, including last known working version (if any).
During the IPv6 traceroute/icmp issues I did enable the "Generate debug messages for various errors" under the Firewall > Settings > Advanced. This option started spamming my system logs at a rate of over 10/s with the error "pf: ICMP error message too short (ip6)" resulting over 350k per day.
In my search on why this was happening I used "tcpdump -i ax1 icmp6" as suggested by a forum member to look for an irregular IPv6 spammer but it immediately became clear that every Neighbour Solicitation & Neighbour Answer resulted in such a log entry.
I assume this is incorrect behaviour, hence the bug report.
Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)
To Reproduce
Steps to reproduce the behavior:
Expected behavior
No errors on ND : NS/NA from pf
Describe alternatives you considered
Turning off the debug logging removes the excessive log spamming.
Screenshots
N/A.
Relevant log files
If applicable, information from log files supporting your claim.
Additional context
Add any other context about the problem here.
Environment
Software version used and hardware type if relevant, e.g.: DEC740 @ latest OS. Audit successful.