Date:      Thu, 09 Feb 2012 22:43:58 +0100
From:      Freek Dijkstra <public@macfreek.nl>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: IPv6 fragments
Message-ID:  <4F343E1E.3010702@macfreek.nl>
In-Reply-To: <4F342D87.5060208@macfreek.nl>
References:  <4F342D87.5060208@macfreek.nl>

I wrote:

> I'm having trouble configuring ipfw to handle fragmented IPv6 packets.

[...]

> My second idea was to simply allow all fragments, and let the TCP stack
> figure it out. I used the following ruleset:
>  ipfw add 1020 count log ipv6 from any to me recv tun0 frag
>  ipfw add 1030 deny  log ipv6 from any to me recv tun0
> 
> Unfortunately, this still fails. Below is output of tcpdump and the ipfw
> log. As you can see rule 1020 is never matched.
> 
> Why is rule 1020 never matched?

Oh bugger, it seems the problem was between keyboard and chair.
I tested this on a production machine, and moved some rule numbers.
Forgot that I had a skipto rule somewhere and did not update that rule
number...

Anyway, I'm still interested to hear how others handle fragmented IPv6
traffic (off-topic: any pointers to why it is fragmented are appreciated
too).

In particular, I'm still interested in these answers:

> Is there a bug report available for the reassembly bug, so I can track it?
> If not, where can I report it (presuming it is a bug of course)?

Regards,
Freek Dijkstra
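
Added example, not part of the original message: a small audit of a rule listing for the failure described above, where renumbering leaves a skipto target stale and a rule such as 1020 is jumped over and never matched. Rules 1020 and 1030 are taken from the message; the skipto rule 1000, the other rules and the function names are assumptions constructed for this sample.

```python
import re

# Constructed listing (rule number followed by rule body). Only 1020 and 1030
# come from the message; rule 1000 is an assumed skipto left over from before
# the rules were renumbered.
SAMPLE = """\
00100 allow ip from any to any via lo0
01000 skipto 1030 ipv6 from any to any recv tun0
01020 count log ipv6 from any to me recv tun0 frag
01030 deny log ipv6 from any to me recv tun0
65535 deny ip from any to any
"""

RULE = re.compile(r"^\s*(\d+)\s+(.*)$")
SKIPTO = re.compile(r"\bskipto\s+(\d+)\b")  # numeric targets only, not tablearg


def parse(text):
    """Return a sorted list of (rule_number, rule_body) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            rules.append((int(m.group(1)), m.group(2).strip()))
    return sorted(rules)


def audit_skipto(text):
    """For every skipto rule, report what it jumps over and where it lands."""
    rules = parse(text)
    numbers = sorted({n for n, _ in rules})
    findings = []
    for num, body in rules:
        m = SKIPTO.search(body)
        if not m:
            continue
        target = int(m.group(1))
        # skipto continues at the first rule numbered `target` or higher, so
        # every rule strictly between the skipto and its target is bypassed
        # for packets that match the skipto rule.
        skipped = [n for n in numbers if num < n < target]
        landing = [n for n in numbers if n >= target and n > num]
        findings.append({
            "rule": num,
            "target": target,
            "target_exists": target in numbers,  # False means a stale number
            "skipped": skipped,
            "lands_on": landing[0] if landing else None,
        })
    return findings


if __name__ == "__main__":
    for f in audit_skipto(SAMPLE):
        print(f)
```

Running this on a saved rule listing before and after renumbering shows at a glance whether a rule that is expected to match now sits in a skipped range.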


