From owner-freebsd-pf@FreeBSD.ORG Thu Jun 11 18:08:03 2015 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 37E1E179 for ; Thu, 11 Jun 2015 18:08:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 21BB3186F for ; Thu, 11 Jun 2015 18:08:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t5BI832S079370 for ; Thu, 11 Jun 2015 18:08:03 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 200330] panic: pf_addr_cmp: unknown address family 0 when scrub fragment drop-ovl is used Date: Thu, 11 Jun 2015 18:08:03 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: kristof@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: kristof@freebsd.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jun 2015 18:08:03 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200330 --- Comment #17 from Kristof Provost --- 'reassemble' does the right thing, in that it will fully reassemble the packet. It handles overlaps, by discarding the (parts of) packets it's already seen. Processing continues with the full packet, not on a fragment-per-fragment basis. When filtering input packets that's where it ends, because the host would have to reassemble anyway. When forwarding we also just continue with the full packet, and fragment again when transmitting. This implies that it's possible that we'll receive 5 packets of 80 bytes, but we transmit one packet of 400 bytes. (Note that this is slightly different for IPv6. There we'll always refragment to the size of the largest fragment we received so we don't break path MTU.) -- You are receiving this mail because: You are on the CC list for the bug.