On 9. Jun 2012, at 08:12 , [email protected] wrote: > There's a sentence at the end of the "Fragment Handling" section of the > pf.conf man page: > > "Currently, only IPv4 fragments are supported and IPv6 fragments are blocked > unconditionally." > > This is in pf.conf(5) for FreeBSD versions using pf 4.1. It looks like we > only have pf 4.5 in HEAD and I believe support for IPv6 fragments didn't > arrive until OpenBSD 5.0 (after the pf.conf format change). > > Is IPv6 fragmentation support still an issue? I'm chasing down PMTU issues > and came across this. If it's the case, it would explain a lot of the > problems I'm having with UDP over IPv6.
Yes, it's not there yet; someone needs to cherry pick the commits and bring it over. Glebius can you do that? You can however unconditionally allow all fragments and trust a (bad) end host system: pass log quick inet6 proto ipv6-frag all (it has log set for a reason to be able to track them here) /bz -- Bjoern A. Zeeb You have to have visions! It does not matter how good you are. It matters what good you do! _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
