* Helmut Schneider <jumpe...@gmx.de> [2009-12-18 08:30]: > Henning Brauer wrote: > > * Stuart Henderson <s...@spacehopper.org> [2009-12-16 16:00]: > > > On 2009/12/16 13:27, Helmut Schneider wrote: > > > > [...] > > > > > Dec 15 13:34:23.640235 rule 11/(match) block in on bge0: > > > > > $SERVER > $CLIENT: frag (0|1448) 500 > 500: isakmp v1.0 > > > > > exchange ID_PROT encrypted cookie: > > > > > 583b9e29ae2a701f->f2257c7575eb8336 msgid: 00000000 len: 1596 > > > > > Dec 15 13:34:23.640245 rule 11/(match) block in on bge0: > > > > > $SERVER > $CLIENT: frag (1448|156) > > > > > > > > Same with 4.6. With "pass quick log inet6" the connection is > > > > successful. Is the packet incorrectly parsed?! The fact that the > > > > unfragmented packet is passed would confirm that. > > > > > > PF doesn't support IPv6 fragments yet. > > > > "yet". hah. > > "hah" in the sense of "It's cooking" or in the sense of "Are you > kidding"? http://www.mail-archive.com/m...@openbsd.org/msg84332.html > pp. raised hopes.
nobody is actively working on anything in that direction afaik. chances are the hole v6 mess is declared obsolete before we get into this mess (heh, mess on top of mess, get dirty). all hail ipv4/64! -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting