Date: Thu, 16 Sep 2004 04:09:40 -0000 From: Mark Atkinson <darkmark@filament.org> To: yongari@kt-is.co.kr Cc: pf4freebsd@freelists.org Subject: [pf4freebsd] Re: fixing out of order first fragment processing? Message-ID: <20040723083854.W6533@hellfire.filament.org>
next in thread | raw e-mail | index | archive | help
I have to sign up from a different address since freelists does not like yahoo mail. >If DF(don't fragment) bit in IP packet header was set and the packet >was fragmented, pf will drop the IP packet. I guess it's natural to >drop the IP packet when such a condition happens. >Check the output of tcpdump. >You can let pf pass the packet with no-df option. >For instance, >scrub on $interface random-id no-df fragment reassemble This DOES work -- Linux does set the DF flag on it's fragments. Thanks a ton. Mark Atkinson mark-pf@filament.org (!wired)?(coffee++):(wired);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040723083854.W6533>