Date: Sun, 7 Dec 2014 11:57:17 +0100 From: Kurt Jaeger <lists@opsec.eu> To: freebsd-pf@freebsd.org Cc: Martin Hanson <greencoppermine@yandex.com> Subject: Re: Get RID of the multi threading patch in FreeBSDs version of PF Message-ID: <20141207105717.GP44537@home.opsec.eu> In-Reply-To: <5483605C.4070400@bluerosetech.com> References: <136621417831771@web24j.yandex.ru> <5483605C.4070400@bluerosetech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! > On 12/5/2014 6:09 PM, Martin Hanson wrote: > > Has any important bugs been fixed in PF on OpenBSD since the current > > port in FreeBSD that actually makes the current PF in FreeBSD > > "dangerous" to run with? > > FreeBSD's pf is broken for IPv6. Its lack of fragment support means a > FreeBSD breaks EDNS0 and other large-packet protocols that rely on > fragment headers. This was fixed recently as far as I understand. Have a look at https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=179392 and https://svnweb.freebsd.org/changeset/base/274709 -- pi@opsec.eu +49 171 3101372 6 years to go !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141207105717.GP44537>