From owner-freebsd-net@FreeBSD.ORG Tue Feb 10 10:49:31 2015 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D5D8D61E for ; Tue, 10 Feb 2015 10:49:31 +0000 (UTC) Received: from onlyone.friendlyhosting.spb.ru (onlyone.friendlyhosting.spb.ru [IPv6:2a01:4f8:131:60a2::2]) by mx1.freebsd.org (Postfix) with ESMTP id 9553F937 for ; Tue, 10 Feb 2015 10:49:31 +0000 (UTC) Received: from [IPv6:2001:470:923f:2:943d:72c8:c2e8:4132] (unknown [IPv6:2001:470:923f:2:943d:72c8:c2e8:4132]) (Authenticated sender: lev@serebryakov.spb.ru) by onlyone.friendlyhosting.spb.ru (Postfix) with ESMTPSA id 4901456401; Tue, 10 Feb 2015 13:49:20 +0300 (MSK) Message-ID: <54D9E233.1010702@FreeBSD.org> Date: Tue, 10 Feb 2015 13:49:23 +0300 From: Lev Serebryakov Reply-To: lev@FreeBSD.org Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Andre Albsmeier , Freddie Cash Subject: Re: Problems with IP fragments References: <54C918D2.7090805@FreeBSD.org> <54C91E80.7020407@infracaninophile.co.uk> <54C92222.6000201@FreeBSD.org> <20150209212131.GA32613@schlappy> In-Reply-To: <20150209212131.GA32613@schlappy> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Cc: freebsd-net , Matthew Seaman X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Feb 2015 10:49:31 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 10.02.2015 00:21, Andre Albsmeier wrote: > The ipfw man page says: > > Usually a simple rule like: > > # reassemble incoming fragments ipfw add reass all from any to any > in > > is all you need at the beginning of your ruleset. > > However, I could never make this work. It eats all fragments but > the resulting final packet never makes it. I am back to > > ipfw -q add 1 pass udp from any to $myip frag in recv $ifc > > as I need it only for UDP. Frag reassembly in pf works well on the > other hand... reass works for me, but kills all IPv6 packets, so it should be "reass ip4 from any to any in [recv $iface]" - -- // Lev Serebryakov AKA Black Lion -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQJ8BAEBCgBmBQJU2eIyXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePBe8P/3DNcYMcf/2jwKEQjV+FFdd9 p9p/SVbsHlXAW1TyMXQWua+gBVFCdz+Ks1ff4F7cg/g1b24GOkmNzmzvgZRQ4cbt 4hHn8exNNPvJg/9/UzXfB73f6VPihRqeMA6qknLtf9B2zMOYvahMSDqOslUQmR89 HoMkuirVNNN8GMKIrWLYN1y/cuN0WPRuQXj/XRaKPY+WRMsO/i0hD52X7Ac5WaJn +gT6lQR6ujPtTtk3nlYwgWup1YIdfaizRXE6VYBlapAof/jghCKSDu3NYLbcr0wy qlnKrUVlJ7dpTzmYCvmRY9Sifs8+WYCX69TFlDf+1YaDb0878uG51mmy6kNWwbmU nGdj1gxgZuqtZ9DW7Q0x0wsg4gEGOIXCodz4/7q//TvU0w97Wu/SQIhtjleY7b62 VKoFXbmiOe3HP/LigJC/mQ6CJyAPeKi5qDot6FNflpTWW+RYY0GCJQW7j0BcCTRo UxdoqQ2/sdvc01PLDIfI9pwO1HEJxzEBv52aKPN2KTtWDSV5sqzJECIGRwVRrs99 xfc0IlKNEFrmfODcRHqXlIzXi50ccTL7f/OCofQdj5lml8wWnPkSULmyTtbjq4gQ Nm1qkDqnG8P7D4Yj84YX7zjfDTdjXX7ag1jxjw3djVQ+LohfB2VxWxNBtFM2lDx+ weZoCcbAaaJO7rPL3GdF =vz5c -----END PGP SIGNATURE-----