From owner-freebsd-pf@FreeBSD.ORG Sat Jun 9 08:12:53 2012 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B81E210656B3 for ; Sat, 9 Jun 2012 08:12:53 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Received: from yoshi.bluerosetech.com (yoshi.bluerosetech.com [IPv6:2607:f2f8:a450::66]) by mx1.freebsd.org (Postfix) with ESMTP id 991A58FC1B for ; Sat, 9 Jun 2012 08:12:53 +0000 (UTC) Received: from vivi.cat.pdx.edu (vivi.cat.pdx.edu [131.252.214.6]) by yoshi.bluerosetech.com (Postfix) with ESMTPSA id 37835E6008 for ; Sat, 9 Jun 2012 01:12:53 -0700 (PDT) Received: from [IPv6:2001:470:8643:970:211:43ff:fe70:5826] (unknown [IPv6:2001:470:8643:970:211:43ff:fe70:5826]) by vivi.cat.pdx.edu (Postfix) with ESMTPSA id 2285424DF1 for ; Sat, 9 Jun 2012 01:12:52 -0700 (PDT) Message-ID: <4FD30582.90506@bluerosetech.com> Date: Sat, 09 Jun 2012 01:12:50 -0700 From: list_freebsd@bluerosetech.com User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.4) Gecko/20120421 Thunderbird/10.0.4 MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: IPv6 fragments firewall support? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 08:12:53 -0000 There's a sentence at the end of the "Fragment Handling" section of the pf.conf man page: "Currently, only IPv4 fragments are supported and IPv6 fragments are blocked unconditionally." This is in pf.conf(5) for FreeBSD versions using pf 4.1. It looks like we only have pf 4.5 in HEAD and I believe support for IPv6 fragments didn't arrive until OpenBSD 5.0 (after the pf.conf format change). Is IPv6 fragmentation support still an issue? I'm chasing down PMTU issues and came across this. If it's the case, it would explain a lot of the problems I'm having with UDP over IPv6.