Re: PF silently dropping IPv6 packets

To: current-users%NetBSD.org@localhost
Subject: Re: PF silently dropping IPv6 packets
From: Martti Kuparinen <martti.kuparinen%iki.fi@localhost>
Date: Tue, 16 Feb 2010 16:14:41 +0200

Martti Kuparinen wrote:

15:49:19.114873 rule 46/0(match): block in on vlan200: (hlim 119,next-header: Fragment (44), length: 34) 2001:yyyy:yyyy:yyyy::e0fe >2001:xxxx:xxxx:xxxx::3: frag (0x00004194:0|26) ICMP6, echo reply, length26, seq 1
which is this this rule

pass out all flags S/SA keep state (if-bound)


Uh, wrong rule line, it's really a similar block in all rule...

Now, we modified the client not to follow the draft so there's no fragmentheader within the IPv6 packet and now PF passes it through. So the fragmentheader makes PF confused somehow...


Martti

Follow-Ups:
- Re: PF silently dropping IPv6 packets
  - From: Greg Troxel

References:
- PF silently dropping IPv6 packets
  - From: Martti Kuparinen
- Re: PF silently dropping IPv6 packets
  - From: Fredrik Pettai
- Re: PF silently dropping IPv6 packets
  - From: Martti Kuparinen

Prev by Date: Re: PF silently dropping IPv6 packets
Next by Date: Re: PF silently dropping IPv6 packets
Previous by Thread: Re: PF silently dropping IPv6 packets
Next by Thread: Re: PF silently dropping IPv6 packets
Indexes:

Home | Main Index | Thread Index | Old Index