I wrote: > I'm having trouble configuring ipfw to handle fragmented IPv6 packets.
[...] > My second idea was to simply allow all fragments, and let the TCP stack > figure it out. I used the following ruleset: > ipfw add 1020 count log ipv6 from any to me recv tun0 frag > ipfw add 1030 deny log ipv6 from any to me recv tun0 > > Unfortunately, this still fails. Below is output of tcpdump and the ipfw > log. As you can see rule 1020 is never matched. > > Why is rule 1020 never matched? Oh bugger, it seems the problem was between keyboard and chair. I tested this on a production machine, and moved some rule numbers. Forgot that I had a skipto rule somewhere and did not update that rule number... Anyway, I'm still interested to hear how others handle fragmented IPv6 traffic (off-topic: any pointers to why it is fragmented are appreciated too). In particular, I'm still interested in these answers: > Is there a bug report available for the reassambly bug, so I can track it? > If not, where can I report it (presuming it is a bug of course)? Regards, Freek Dijkstra _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
