From: David Duchscher
Date: Sat, 7 Apr 2007 15:01:09 -0500
To: net@freebsd.org
Subject: pf + scrub fragment reassemble + if_bridge = bad?

Ran into a problem the other day and wanted to drop a note and see if I should follow up with a PR.

Running a box as a bridging firewall and ran into a problem with giant packets being reported by the router on one end and OSPF routing dropping. Seems that once a packet is reassembled by pf, it gets forwarded on through the bridge and out onto the wire. In this case, it was an OSPF packet that ended up being 1540 bytes long. Of course, turning off the scrub rules fixes the problem but I was wondering if this is expected behavior, a bug, or has already been fixed.

The box is running 6.1-RELEASE i386. Network interfaces are em gigabit interfaces with MTU at 1500.

Thanks,
--
DaveD
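
The size arithmetic behind the report above, as an added example that is not part of the original message and is not pf or if_bridge code: it reassembles a set of IPv4 fragments, then checks the result against the outbound MTU and counts how many packets a forwarder would have to split it into. The fragment sizes are constructed to yield the 1540-byte datagram mentioned in the message, and a 20-byte header without options is assumed.

```c
#include <stddef.h>
#include <stdio.h>

#define IP_HDR_LEN 20 /* assumption: IPv4 header without options */

/* One received fragment: payload offset and length in bytes, MF flag. */
struct frag { size_t off; size_t len; int mf; };

/* Constructed sample: a 1540-byte datagram split upstream for a 1500 MTU. */
static const struct frag sample[] = { { 0, 1480, 1 }, { 1480, 40, 0 } };

/* Total length (header + payload) after reassembly of fragments sorted by
 * offset, or 0 if they do not form one complete, contiguous datagram. */
static size_t reassembled_len(const struct frag *f, size_t n)
{
    size_t next = 0;
    for (size_t i = 0; i < n; i++) {
        if (f[i].off != next) return 0;               /* hole or overlap */
        if (!!f[i].mf != (i + 1 < n)) return 0;       /* MF on all but last */
        if (f[i].mf && f[i].len % 8 != 0) return 0;   /* 8-byte units */
        next += f[i].len;
    }
    return n ? IP_HDR_LEN + next : 0;
}

/* Packets needed to send a datagram of total_len on a link with this MTU:
 * 1 means it fits as is, 0 means the MTU cannot carry any fragment. */
static size_t packets_needed(size_t total_len, size_t mtu)
{
    if (total_len <= mtu) return 1;
    if (mtu < IP_HDR_LEN + 8) return 0;
    size_t per = (mtu - IP_HDR_LEN) & ~(size_t)7;     /* payload per fragment */
    return (total_len - IP_HDR_LEN + per - 1) / per;
}

int main(void)
{
    size_t len = reassembled_len(sample, 2);
    printf("reassembled: %zu bytes, packets needed at MTU 1500: %zu\n",
           len, packets_needed(len, 1500));
    return 0;
}
```

A result greater than 1 from packets_needed() marks a datagram that has to be fragmented again before it leaves an interface with that MTU.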