From owner-freebsd-pf@FreeBSD.ORG  Sun Dec  7 10:57:20 2014
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C59473C5
 for <freebsd-pf@freebsd.org>; Sun,  7 Dec 2014 10:57:20 +0000 (UTC)
Received: from home.opsec.eu (home.opsec.eu [IPv6:2001:14f8:200::1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 806F7130
 for <freebsd-pf@freebsd.org>; Sun,  7 Dec 2014 10:57:20 +0000 (UTC)
Received: from pi by home.opsec.eu with local (Exim 4.82 (FreeBSD))
 (envelope-from <lists@opsec.eu>)
 id 1XxZWf-0004sP-KX; Sun, 07 Dec 2014 11:57:17 +0100
Date: Sun, 7 Dec 2014 11:57:17 +0100
From: Kurt Jaeger <lists@opsec.eu>
To: freebsd-pf@freebsd.org
Subject: Re: Get RID of the multi threading patch in FreeBSDs version of PF
Message-ID: <20141207105717.GP44537@home.opsec.eu>
References: <136621417831771@web24j.yandex.ru>
 <5483605C.4070400@bluerosetech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5483605C.4070400@bluerosetech.com>
Cc: Martin Hanson <greencoppermine@yandex.com>
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Dec 2014 10:57:20 -0000

Hi!

> On 12/5/2014 6:09 PM, Martin Hanson wrote:
> > Has any important bugs been fixed in PF on OpenBSD since the current
> > port in FreeBSD that actually makes the current PF in FreeBSD
> > "dangerous" to run with?
> 
> FreeBSD's pf is broken for IPv6.  Its lack of fragment support means a 
> FreeBSD breaks EDNS0 and other large-packet protocols that rely on 
> fragment headers.

This was fixed recently as far as I understand.

Have a look at

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=179392

and

https://svnweb.freebsd.org/changeset/base/274709

-- 
pi@opsec.eu            +49 171 3101372                         6 years to go !