From owner-cvs-all@FreeBSD.ORG  Wed Oct 25 17:53:02 2006
Return-Path: <owner-cvs-all@FreeBSD.ORG>
X-Original-To: cvs-all@FreeBSD.org
Delivered-To: cvs-all@FreeBSD.org
Received: by hub.freebsd.org (Postfix, from userid 680)
	id D091616A407; Wed, 25 Oct 2006 17:53:02 +0000 (UTC)
Date: Wed, 25 Oct 2006 17:53:02 +0000
From: Darren Reed <darrenr@hub.freebsd.org>
To: Andrew Thompson <thompsa@FreeBSD.org>
Message-ID: <20061025175302.GB94866@hub.freebsd.org>
References: <200604290537.k3T5bPXC071830@repoman.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200604290537.k3T5bPXC071830@repoman.freebsd.org>
User-Agent: Mutt/1.4.2.1i
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/net if_bridge.c
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Oct 2006 17:53:02 -0000

On Sat, Apr 29, 2006 at 05:37:25AM +0000, Andrew Thompson wrote:
> thompsa     2006-04-29 05:37:25 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
>     sys/net              if_bridge.c 
>   Log:
>   Add support for fragmenting ipv4 packets.
>   
>   The packet filter may reassemble the ip fragments and return a packet that is
>   larger than the MTU of the sending interface. There is no check for DF or icmp
>   replies as we can only get a large packet to fragment by reassembling a
>   previous fragment, and this only happens after a call to pfil(9).

I'm a long time in catching up with this change, but architecturally,
this change is very very wrong.

A bridge should have _no_ part in fragmenting up an IP packet
regardless of what options are set (or not set) in an IP header.

Darren