Date: Sun, 07 Dec 2014 16:31:19 -0800
From: Darren Pilgrim <list_freebsd@bluerosetech.com>
To: Kurt Jaeger <lists@opsec.eu>, freebsd-pf@freebsd.org
Subject: Re: Get RID of the multi threading patch in FreeBSDs version of PF
Message-ID: <5484F157.9010707@bluerosetech.com>
In-Reply-To: <20141207105717.GP44537@home.opsec.eu>
References: <136621417831771@web24j.yandex.ru> <5483605C.4070400@bluerosetech.com> <20141207105717.GP44537@home.opsec.eu>

On 12/7/2014 2:57 AM, Kurt Jaeger wrote:
>> On 12/5/2014 6:09 PM, Martin Hanson wrote:
>>> Has any important bugs been fixed in PF on OpenBSD since the current
>>> port in FreeBSD that actually makes the current PF in FreeBSD
>>> "dangerous" to run with?
>>
>> FreeBSD's pf is broken for IPv6. Its lack of fragment support means a
>> FreeBSD breaks EDNS0 and other large-packet protocols that rely on
>> fragment headers.
>
> This was fixed recently as far as I understand.
>
> Have a look at
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=179392
>
> and
>
> https://svnweb.freebsd.org/changeset/base/274709

I think you're confused about the issue I described. I'm talking about pf not supporting fragment headers and as such dropping fragmented packets instead of statefully passing them. See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=124933