Date: Sat, 7 Feb 2015 09:46:30 +0100
From: Kristof Provost
To: Darren Pilgrim
Cc: freebsd-pf@FreeBSD.org
Subject: Re: [Bug 124933] [pf] [ip6] pf does not support (drops) IPv6 fragmented packets
Message-ID: <20150207084630.GF2167@vega.codepro.be>
In-Reply-To: <54D54FB3.9020305@bluerosetech.com>

On 2015-02-06 15:35:15 (-0800), Darren Pilgrim wrote:
> On 2/5/2015 1:21 AM, bugzilla-noreply@freebsd.org wrote:
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=124933
> >
> > --- Comment #7 from Kristof Provost ---
> > There are patches here:
> >
> > https://reviews.freebsd.org/D1764
> > https://reviews.freebsd.org/D1765
> > https://reviews.freebsd.org/D1766
> > https://reviews.freebsd.org/D1767
>
> Sweet! Please tell me these will MFC in time for 10.2?
>
There are still issues at the moment. I'm trying to get those fixed as
soon as possible.

Specifically, there's a problem with the refragmentation. If you're
using pf on a gateway it will correctly defragment and then filter, but
it won't refragment before trying to send the packet out again.
As a result you get an ICMP6 Packet Too Big error if you do
'ping6 -s 9000 ...' through it.

The current patches apply to stable/10 (I'm currently running two
stable/10 systems with them), so if you like you can already give them
a try.

Regards,
Kristof