[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: PF silently dropping IPv6 packets
Martti Kuparinen wrote:
15:49:19.114873 rule 46/0(match): block in on vlan200: (hlim 119,
next-header: Fragment (44), length: 34) 2001:yyyy:yyyy:yyyy::e0fe >
2001:xxxx:xxxx:xxxx::3: frag (0x00004194:0|26) ICMP6, echo reply, length
26, seq 1
which is this this rule
pass out all flags S/SA keep state (if-bound)
Uh, wrong rule line, it's really a similar block in all rule...
Now, we modified the client not to follow the draft so there's no fragment
header within the IPv6 packet and now PF passes it through. So the fragment
header makes PF confused somehow...
Main Index |
Thread Index |