From owner-freebsd-pf@freebsd.org  Fri Mar  4 07:33:05 2016
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 961E09DA362
 for <freebsd-pf@mailman.ysv.freebsd.org>; Fri,  4 Mar 2016 07:33:05 +0000 (UTC)
 (envelope-from kp@FreeBSD.org)
Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits))
 (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 661EA397
 for <freebsd-pf@freebsd.org>; Fri,  4 Mar 2016 07:33:05 +0000 (UTC)
 (envelope-from kp@FreeBSD.org)
Received: from [IPv6:2a02:1811:2419:4e02:9112:8f26:91ea:d4ff] (unknown
 [IPv6:2a02:1811:2419:4e02:9112:8f26:91ea:d4ff])
 by venus.codepro.be (Postfix) with ESMTPSA id 89C93192BC;
 Fri,  4 Mar 2016 08:33:01 +0100 (CET)
Subject: Re: IPv6 fragments in 10.2
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: text/plain; charset=utf-8
From: Kristof Provost <kp@FreeBSD.org>
X-Checked-By-Nsa: Probably
In-Reply-To: <56D8F9E1.9060808@bluerosetech.com>
Date: Fri, 4 Mar 2016 08:33:03 +0100
Cc: freebsd-pf@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <9F4AE691-7D6C-4FC4-9FCA-AA16F9AE9263@FreeBSD.org>
References: <56D8F9E1.9060808@bluerosetech.com>
To: Melissa Pilgrim <list_freebsd@bluerosetech.com>
X-Mailer: Apple Mail (2.3124)
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Mar 2016 07:33:05 -0000


> On 04 Mar 2016, at 03:58, Melissa Pilgrim =
<list_freebsd@bluerosetech.com> wrote:
>=20
> Now that pf in 10.2 supports IPv6 fragments, how do you configure pf =
to allow them?  I'm still seeing UDP PMTU breakage specifically with =
FreeBSD and pf related to the packet filter not passing fragments.  The =
basic "fragment reassemble" scrub rule doesn't seem to be sufficient. =
The man page was not updated with the commit, and I'm not having any =
luck with web searches.

The =E2=80=98scrub all fragment reassemble=E2=80=99 rule should be =
sufficient.

Can you post your pf.conf and a network capture demonstrating the =
problem?

Thanks,
Kristof