Date: Tue, 24 Jun 2008 15:10:05 GMT
Message-Id: <200806241510.m5OFA5EC000449@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: "Bjoern A. Zeeb"
Subject: Re: kern/124933: pf does not support (drops) IPv6 fragmented packets

The following reply was made to PR kern/124933; it has been noted by GNATS.

From: "Bjoern A. Zeeb"
To: bug-followup@FreeBSD.org, lionel.fourquaux+fbsdbug@normalesup.org
Subject: Re: kern/124933: pf does not support (drops) IPv6 fragmented packets
Date: Tue, 24 Jun 2008 14:41:34 +0000 (UTC)

On Tue, 24 Jun 2008, Lionel Fourquaux wrote:

>
>> Number: 124933
>> Description:
> pf does not support traffic normalization for IPv6 fragmented packets.
> Fragmented packets are dropped. As stated in pf.conf(5): "Currently,
> only IPv4 fragments are supported and IPv6 fragments are blocked
> unconditionally".
> Since tunneled IPv6 connectivity ("tunnel brokers") often provide only
> the minimum MTU (1280), this means that it is impossible to set up
> tunnels or IPsec while using pf for filtering.

You can permit the firewall to unconditionally (not normalized) pass
the frags.

    pass in on inet6 proto ipv6-frag all

To be honest I do not think this should be a FreeBSD PR but you might
be lucky as I heard someone read the source lately and cried... trying
to get closer to implement this feature.

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.