Date: Sat, 7 Feb 2015 09:46:30 +0100 From: Kristof Provost <kristof@sigsegv.be> To: Darren Pilgrim <list_freebsd@bluerosetech.com> Cc: freebsd-pf@FreeBSD.org Subject: Re: [Bug 124933] [pf] [ip6] pf does not support (drops) IPv6 fragmented packets Message-ID: <20150207084630.GF2167@vega.codepro.be> In-Reply-To: <54D54FB3.9020305@bluerosetech.com> References: <bug-124933-17777@https.bugs.freebsd.org/bugzilla/> <bug-124933-17777-bxn423k67x@https.bugs.freebsd.org/bugzilla/> <54D54FB3.9020305@bluerosetech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2015-02-06 15:35:15 (-0800), Darren Pilgrim <list_freebsd@bluerosetech.com> wrote: > On 2/5/2015 1:21 AM, bugzilla-noreply@freebsd.org wrote: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=124933 > > --- Comment #7 from Kristof Provost <kristof@freebsd.org> --- > > There are patches here: > > > > https://reviews.freebsd.org/D1764 > > https://reviews.freebsd.org/D1765 > > https://reviews.freebsd.org/D1766 > > https://reviews.freebsd.org/D1767 > > Sweet! Please tell me these will MFC in time for 10.2? > There are still issues at the moment. I'm trying to get those fixed as soon as possible. Specifically, there's a problem with the refragmentation. If you're using pf on a gateway it will correctly defragment and then filter, but it won't refragment before trying to send the packet out again. As a result you get an ICMP6 Packet Too Big error if you do 'ping6 -s 9000 ...' through it. The current patches apply to stable/10 (I'm currently running two stable/10 systems with them), so if you like you can already give them a try. Regards, Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150207084630.GF2167>