On Wed, Jul 6, 2011 at 11:00 AM, Tony Sarendal <[email protected]> wrote:
>
> On Wed, Jul 6, 2011 at 7:03 AM, Ryan McBride <[email protected]> wrote:
>
>> If there is anyone out there who disables fragment reassembly (enabled
>> by default), you need to help testing this diff which folds
>> pf_test_fragment() into pf_test_rule().
>>
>> If I don't hear from anyone we may one day decide that nobody actually
>> does this and remove the ability to disable reassembly completely...
>>
> Good morning Ryan,
>
> we use this feature in our OpenBSD routers. I'll test and get back to you.
>

Basic testing done. Looks ok.

The only thing I noticed was that default wasn't actually default as I thought.
If I do "set reassemble no" and reload pf it works as expected,
if I now remove or comment it out and reload I still have the
"set reassemble no" behaviour.

Removing the ability to not reassemble seems a little extreme to me,
in IP networks there is no guarantee that a router will see all fragments.

Regards
Tony
