Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: npf bug(?)

In article <>,
 <> wrote:
>because of the problems of kern/52036 I tried to switch to npf. 
>Unfortunately there are other problems.
>Without npf everything works as expected. With activated npf works a 
>normal IPv6 ping over the router into the Internet, e.g.
>It also works ping with jumbo packages:
>ping6 -s 2000
>In this case tcpdump of the routers outgoing interface reports:
>14:04:54.106503 IP6 2001:638:902:1::11 > 2a02:2e0:3fe:1001:7777:772e:2:85: 
>frag (0|1232) ICMP6, echo request, seq 13, length 1232
>14:04:54.106520 IP6 2001:638:902:1::11 > 2a02:2e0:3fe:1001:7777:772e:2:85: 
>frag (1232|776)
>If I enable npf whith the following rules:
>group default {
>         pass final all;
>ping6 still works. But the icmp message from 'ping6 -s 2000 
>' is droped at the outside interface of the router.

Is that NetBSD-current?


Home | Main Index | Thread Index | Old Index