From: Andrew Thompson
Date: Sun, 8 Apr 2007 08:51:39 +1200
To: David Duchscher
Cc: net@freebsd.org
Subject: Re: pf + scrub fragment reassemble + if_bridge = bad?
Message-ID: <20070407205139.GD64415@heff.fud.org.nz>
List-Id: Networking and TCP/IP with FreeBSD

On Sat, Apr 07, 2007 at 03:01:09PM -0500, David Duchscher wrote:
> Ran into a problem the other day and wanted to drop a note and see
> if I should follow up with a PR. Running a box as a bridging firewall
> and ran into a problem with giant packets being reported by the router
> on one end and OSPF routing dropping. Seems that once a packet is
> reassembled by pf, it gets forwarded on through the bridge and out
> onto the wire. In this case, it was an OSPF packet that ended up
> being 1540 bytes long. Of course, turning off the scrub rules fixes
> the problem but I was wondering if this is expected behavior, a
> bug, or has already been fixed.
>
> The box is running 6.1-RELEASE i386. Network interfaces are em
> gigabit interfaces with MTU at 1500.

You are quite right and this has been fixed from 6.2. You will either
need to upgrade to that or manually apply r1.11.2.31

cheers,
Andrew
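The failure reported in this thread, as an added example that is not part of the original messages and is not FreeBSD's if_bridge code: a datagram reassembled for filtering has to be fragmented again before it leaves on a link with a smaller MTU. The function names, the documentation addresses and the constructed 1540-byte OSPF (protocol 89) datagram are assumptions for illustration, and the model assumes an IPv4 header without options.

```python
import struct

IP_DF, IP_MF, OFFMASK = 0x4000, 0x2000, 0x1FFF


def checksum(header):
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def refragment(packet, mtu):
    """Split one IPv4 datagram so that no piece exceeds the outgoing MTU."""
    ihl = (packet[0] & 0x0F) * 4
    if ihl != 20:
        raise ValueError("model assumes a 20-byte header without options")
    if len(packet) <= mtu:
        return [packet]
    flags_off = struct.unpack("!H", packet[6:8])[0]
    if flags_off & IP_DF:
        raise ValueError("DF set: datagram cannot be fragmented")
    payload = packet[ihl:]
    step = (mtu - ihl) // 8 * 8  # fragment data is a multiple of 8 bytes
    frags = []
    for pos in range(0, len(payload), step):
        chunk = payload[pos:pos + step]
        last = pos + step >= len(payload)
        # Only the final piece inherits the original MF bit.
        mf = (flags_off & IP_MF) if last else IP_MF
        hdr = bytearray(packet[:ihl])
        struct.pack_into("!H", hdr, 2, ihl + len(chunk))
        struct.pack_into("!H", hdr, 6, mf | ((flags_off & OFFMASK) + pos // 8))
        struct.pack_into("!H", hdr, 10, 0)
        struct.pack_into("!H", hdr, 10, checksum(bytes(hdr)))
        frags.append(bytes(hdr) + chunk)
    return frags


def sample_packet(total_len=1540):
    """Constructed sample: the size pf would hand back after reassembly."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234,
                                0, 1, 89, 0, bytes([192, 0, 2, 1]),
                                bytes([192, 0, 2, 2])))
    struct.pack_into("!H", hdr, 10, checksum(bytes(hdr)))
    return bytes(hdr) + bytes(total_len - 20)


if __name__ == "__main__":
    for frag in refragment(sample_packet(), 1500):
        print(len(frag), hex(struct.unpack("!H", frag[6:8])[0]))
```

Forwarding the 1540-byte datagram unchanged is what produced the giant frames the router reported; on a 1500-byte MTU it must leave as a 1500-byte and a 60-byte fragment.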