Date: Tue, 14 Oct 2014 15:57:15 +0200
From: Kristof Provost
To: "Spenst, Aleksej"
Cc: "freebsd-pf@freebsd.org"
Subject: Re: Fragmented packets are not redirected
Message-ID: <20141014135714.GT2017@vega.codepro.be>

On 2014-10-14 09:33:44 (+0000), Spenst, Aleksej wrote:
> It is clear that if the IP fragments are not reassembled at the server
> they cannot be redirected since the redirection rule is written for
> UDP packets. That is why I have this scrub rule at the very beginning
> of my pf.conf:
>
> scrub in on wlan0 all
>
> I thought that this rule should reassemble all the incoming fragments.
> The reassembled UDP packets should be then correctly passed through
> the rdr rule and redirected to my PC. But this does not happen.
>

I think that you want 'scrub in on wlan0 all fragment reassemble'.

Regards,
Kristof
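
Added example (not part of the original message and not pf's code): a simplified Python model of the reasoning in the quoted text, showing that a rule matching on a UDP port can read that port only from the fragment at offset 0, and that it matches the whole datagram once the fragments are reassembled. The ports, payload size, fragment size and all function names are constructed for illustration.

```python
import struct

UDP = 17  # IP protocol number for UDP

def udp_datagram(sport, dport, payload):
    # UDP header: source port, destination port, length, checksum (0 = unset)
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def fragment(ip_payload, size):
    # Split an IP payload into fragments; IPv4 offsets count 8-byte units
    if size <= 0 or size % 8:
        raise ValueError("fragment size must be a positive multiple of 8")
    return [{"proto": UDP, "offset": off // 8,
             "mf": off + size < len(ip_payload),  # "more fragments" flag
             "data": ip_payload[off:off + size]}
            for off in range(0, len(ip_payload), size)]

def dst_port(pkt):
    # The UDP header sits only in the packet that starts at offset 0
    if pkt["proto"] != UDP or pkt["offset"] != 0 or len(pkt["data"]) < 8:
        return None
    return struct.unpack("!H", pkt["data"][2:4])[0]

def rule_matches(pkt, port):
    # Hypothetical stand-in for a redirect rule that matches a UDP port
    return dst_port(pkt) == port

def reassemble(frags):
    # Return the whole packet, or None while a fragment is still missing
    data = b""
    ordered = sorted(frags, key=lambda f: f["offset"])
    for f in ordered:
        if f["offset"] * 8 != len(data):
            return None  # hole (or overlap) in the fragment chain
        data += f["data"]
    if not ordered or ordered[-1]["mf"]:
        return None  # final fragment has not arrived
    return {"proto": UDP, "offset": 0, "mf": False, "data": data}

# Constructed sample: 3000-byte payload to port 5000, 1480-byte fragments
FRAGS = fragment(udp_datagram(40000, 5000, b"x" * 3000), 1480)

if __name__ == "__main__":
    print([rule_matches(f, 5000) for f in FRAGS])       # per-fragment view
    print(rule_matches(reassemble(FRAGS[::-1]), 5000))  # after reassembly
```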