Hi,
I have a question regarding packet reassembly.
man 5 pf.conf says:
"set reassemble yes | no [no-df]
The reassemble option is used to enable or disable the reassembly of
fragmented packets, and can be set to yes (the default) or no..."
and later with traffic normalization via "scrub" man states:
"reassemble tcp
Statefully normalises TCP connections. Reassemble tcp performs the
following normalisations ..."
The reassembly normalizations that are listed sound very useful, but I
note in the pf FAQ example for a router[1] that the "scrub" statement
*doesn't* include "reassemble tcp".
My question is - is it unnecessary to include "reassemble tcp" in the
scrub rule if "set reassemble yes" has already been set? I know the
FAQ example also doesn't explicitly state "set reassemble yes", but man
notes that that is the default setting.
Stated another way - is there ever a case where I would put "set
reassemble yes" and "match in all scrub (... reassemble tcp)"?
Thanks,
- J
[1] https://www.openbsd.org/faq/pf/example1.html