"pf" drops all IPv6 fragments

To: current-users%netbsd.org@localhost
Subject: "pf" drops all IPv6 fragments
From: Michael Graff <explorer%flame.org@localhost>
Date: Thu, 27 May 2010 11:38:56 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Others may be aware of this, but in case you are not:

I have been trying to use "pf" recently, mainly because of some tricky
stuff I have going on and need to do a hackish source routing trick to
send things out the proper tunnel, regardless of destination.

It all works, except one major gotcha I noticed in the pf.conf man page:

     Currently, only IPv4 fragments are supported and IPv6 fragments are
     blocked unconditionally.

Just in case anyone else is silly enough to try "pf" out, this is a
serious problem for anyone looking at IPv6.

- --Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEUEARECAAYFAkv+oCAACgkQl6Nz7kJWYWZgIQCWJAqA06oJfK5G4Ooe6H6XsqAG
PACeOvP9YZ7SV0IGgzonTVKJpMcJEVg=
=hk0N
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: "pf" drops all IPv6 fragments
  - From: S.P.Zeidler
- Re: "pf" drops all IPv6 fragments
  - From: Brian A. Seklecki (CFI NOC)
- Re: "pf" drops all IPv6 fragments
  - From: Martti Kuparinen
- Re: "pf" drops all IPv6 fragments
  - From: Thor Lancelot Simon

Prev by Date: Re: mount ugen0 ENE Flash UB6250 memory card?
Next by Date: Re: any support for Atheros AR9285 wireless and AR8132 ethernet?
Previous by Thread: mount ugen0 ENE Flash UB6250 memory card?
Next by Thread: Re: "pf" drops all IPv6 fragments
Indexes:

Home | Main Index | Thread Index | Old Index