Date: Mon, 6 Dec 2004 11:47:00 +0900 From: Pyun YongHyeon <yongari@kt-is.co.kr> To: gtg062h@mail.gatech.edu Cc: freebsd-pf@freebsd.org Subject: Re: FreeBSD bridge + filtering, BIG problem Message-ID: <20041206024700.GA744@kt-is.co.kr> In-Reply-To: <7c8f27920412051617123672bf@mail.gmail.com> References: <20041201045203.262D443D5C@mx1.FreeBSD.org> <20041201110912.GA9840@kt-is.co.kr> <7c8f27920412010523730447de@mail.gmail.com> <20041202033920.GC12155@kt-is.co.kr> <7c8f27920412051617123672bf@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 05, 2004 at 07:17:05PM -0500, Josh Kayse wrote: [...] > > I managed to get your patch to apply to FreeBSD RELENG_5. > > I have a question about the bridge_fragment function though. Would > this prevent packets from linux NFS clients from working, the > fragmented ones with the DF flag set? Thanks for any information. > I guess this has nothing to do with bridge. AFAIK, linux is known to generate fragmented packets with DF bit set. Normally, scrub rule of pf drops the fragmented packet that was told not to framgent(i.e. DF bit set) You may need an additional option "no-df" to pass the packet in scrub rule. > I'll post the patch later if anyone wants it. It hasn't been Great! I believe, your patch would be quite useful to FreeBSD pf/ipf users. > thoroughly tested but is currently running on a bridge setup in my > test lab with my work machine behind it. > One note, don't be fooled by "netstat -m" output after patching your system. Its statistics were broken on 5.3R. For instance, on my P3 SMP: 19926 mbufs in use 4294938777/19136 mbuf clusters in use (current/max) ^^^^^^^^^^^^^^^^ 0/4/5040 sfbufs in use (current/peak/max) 4142247 KBytes allocated to network ^^^^^^^^^^^^^^ 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I/O initiated by sendfile 270 calls to protocol drain routines > -josh > > -- > Joshua Kayse > Computer Engineering -- Regards, Pyun YongHyeon http://www.kr.freebsd.org/~yongari | yongari@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041206024700.GA744>