Date: Sun, 7 Dec 2014 11:57:17 +0100
From: Kurt Jaeger
To: freebsd-pf@freebsd.org
Cc: Martin Hanson
Subject: Re: Get RID of the multi threading patch in FreeBSDs version of PF
Message-ID: <20141207105717.GP44537@home.opsec.eu>
In-Reply-To: <5483605C.4070400@bluerosetech.com>

Hi!

> On 12/5/2014 6:09 PM, Martin Hanson wrote:
> > Has any important bugs been fixed in PF on OpenBSD since the current
> > port in FreeBSD that actually makes the current PF in FreeBSD
> > "dangerous" to run with?
>
> FreeBSD's pf is broken for IPv6. Its lack of fragment support means a
> FreeBSD breaks EDNS0 and other large-packet protocols that rely on
> fragment headers.

This was fixed recently as far as I understand.
Have a look at

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=179392

and

https://svnweb.freebsd.org/changeset/base/274709

-- 
pi@opsec.eu            +49 171 3101372                         6 years to go !