monterey pfctl issues

I updated Monterey, but when i use pfctl to filter packet, e.g. """rdr pass on lo0 proto tcp from any to <direct_cidr> -> 127.0.0.1 port 7777 pass out route-to (lo0 127.0.0.1) proto tcp from any to <direct_cidr> """

the packet was sent very slowly, more than 200ms each packet

M1 and Motertey! wireshark shows when i send to 7777 a package len=10240, pass through pfctl it got len=1448 more than 10 times, and each packet sent use > 200ms. it is very slowly

Has there been any update on this issue or do we know any workarounds?

This issue is having a negative impact on Mac users of the sshuttle tool. See https://github.com/sshuttle/sshuttle/issues/752

This issue can be easily reproduced using the bellow commands:

Setup the packet filter to forward packets destined to 10.1.0.1 to 127.0.0.1:12345

pfctl -ef - <<< '
rdr pass on lo0 inet proto tcp from ! 127.0.0.1 to 10.1.0.1/32 -> 127.0.0.1 port 12345
pass out route-to lo0 inet proto tcp to 10.1.0.1/32 keep state
pass out inet proto tcp to 127.0.0.1/32
''

Start a netcat server on 127.0.0.1:12345

nc -l 12345

In a different session connect and transfer data (here 700KB)

seq -w 6 1 100000 | nc 10.77.0.5 555

You'll see there's an initial burst of traffic and then traffic slows down to bursts of 1448 bytes every ~200ms

Mac Version: 13.1

Hi,

same issue here. It seems it affects number of people.

Any updates ?

    1. arch ARM
    1. OSX 14.3.1
    1. sshuttle 1.1.1
    1. Python 3.11.6

Thanks

monterey pfctl issues
 
 
Q