From owner-freebsd-net@FreeBSD.ORG  Sat Apr  7 21:20:42 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: net@freebsd.org
Delivered-To: freebsd-net@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 9D72416A402
	for <net@freebsd.org>; Sat,  7 Apr 2007 21:20:42 +0000 (UTC)
	(envelope-from daved@tamu.edu)
Received: from sr-2-int.cis.tamu.edu (smtp-relay.tamu.edu [165.91.22.120])
	by mx1.freebsd.org (Postfix) with ESMTP id 66C9C13C44B
	for <net@freebsd.org>; Sat,  7 Apr 2007 21:20:42 +0000 (UTC)
	(envelope-from daved@tamu.edu)
Received: from localhost (localhost.tamu.edu [127.0.0.1])
	by sr-2-int.cis.tamu.edu (Postfix) with ESMTP id D85801AE10;
	Sat,  7 Apr 2007 16:20:41 -0500 (CDT)
Received: from [10.0.1.2] (pool-71-126-195-96.herntx.dsl-w.verizon.net
	[71.126.195.96]) (using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by sr-2-int.cis.tamu.edu (Postfix) with ESMTP id 37F531AE0B;
	Sat,  7 Apr 2007 16:20:41 -0500 (CDT)
In-Reply-To: <20070407205139.GD64415@heff.fud.org.nz>
References: <DD6B106A-C1CD-4A72-8F56-EDD9AE90AE38@tamu.edu>
	<20070407205139.GD64415@heff.fud.org.nz>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-2-105144997;
	protocol="application/pkcs7-signature"
Message-Id: <E81A4F7B-4E5B-409D-A49B-805F20F3DB01@tamu.edu>
From: David Duchscher <daved@tamu.edu>
Date: Sat, 7 Apr 2007 16:20:40 -0500
To: Andrew Thompson <thompsa@freebsd.org>
X-Mailer: Apple Mail (2.752.2)
X-Virus-Scanned: amavisd-new at tamu.edu
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: net@freebsd.org
Subject: Re: pf + scrub fragment reassemble + if_bridge = bad?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Apr 2007 21:20:42 -0000


--Apple-Mail-2-105144997
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed


On Apr 7, 2007, at 3:51 PM, Andrew Thompson wrote:

> On Sat, Apr 07, 2007 at 03:01:09PM -0500, David Duchscher wrote:
>> Ran into a problem the other day and wanted to drop a note and see
>> if I should followup with a PR.  Running a box as a bridging firewall
>> and ran into problem with giant packets being reported by the router
>> on one end and OSPF routing dropping.  Seems that once a packet is
>> reassembled by pf, it gets forward on through the bridge and out
>> onto the wire.  In this case, it was an OSPF packet that ended up
>> being 1540 bytes long .  Of course, turning off the scrub rules fix
>> the problem but I was wondering if this is expected behavior, a
>> bug, or has already been fix.
>>
>> The box is running 6.1-RELEASE i386.  Network interfaces are em
>> gigabit interfaces with MTU at 1500.
>
> You are quite right and this has been fixed from 6.2. You will either
> need to upgrade to that or manually apply r1.11.2.31

Sweet and thanks.  I swear I looked for a fix had already been committed
but obviously I missed it.

--
DaveD


--Apple-Mail-2-105144997--