Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

"pf" drops all IPv6 fragments



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Others may be aware of this, but in case you are not:

I have been trying to use "pf" recently, mainly because of some tricky
stuff I have going on and need to do a hackish source routing trick to
send things out the proper tunnel, regardless of destination.

It all works, except one major gotcha I noticed in the pf.conf man page:

     Currently, only IPv4 fragments are supported and IPv6 fragments are
     blocked unconditionally.

Just in case anyone else is silly enough to try "pf" out, this is a
serious problem for anyone looking at IPv6.

- --Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEUEARECAAYFAkv+oCAACgkQl6Nz7kJWYWZgIQCWJAqA06oJfK5G4Ooe6H6XsqAG
PACeOvP9YZ7SV0IGgzonTVKJpMcJEVg=
=hk0N
-----END PGP SIGNATURE-----


Home | Main Index | Thread Index | Old Index