Date: Sat, 7 Apr 2007 16:20:40 -0500 From: David Duchscher <daved@tamu.edu> To: Andrew Thompson <thompsa@freebsd.org> Cc: net@freebsd.org Subject: Re: pf + scrub fragment reassemble + if_bridge = bad? Message-ID: <E81A4F7B-4E5B-409D-A49B-805F20F3DB01@tamu.edu> In-Reply-To: <20070407205139.GD64415@heff.fud.org.nz> References: <DD6B106A-C1CD-4A72-8F56-EDD9AE90AE38@tamu.edu> <20070407205139.GD64415@heff.fud.org.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail-2-105144997 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed On Apr 7, 2007, at 3:51 PM, Andrew Thompson wrote: > On Sat, Apr 07, 2007 at 03:01:09PM -0500, David Duchscher wrote: >> Ran into a problem the other day and wanted to drop a note and see >> if I should followup with a PR. Running a box as a bridging firewall >> and ran into problem with giant packets being reported by the router >> on one end and OSPF routing dropping. Seems that once a packet is >> reassembled by pf, it gets forward on through the bridge and out >> onto the wire. In this case, it was an OSPF packet that ended up >> being 1540 bytes long . Of course, turning off the scrub rules fix >> the problem but I was wondering if this is expected behavior, a >> bug, or has already been fix. >> >> The box is running 6.1-RELEASE i386. Network interfaces are em >> gigabit interfaces with MTU at 1500. > > You are quite right and this has been fixed from 6.2. You will either > need to upgrade to that or manually apply r1.11.2.31 Sweet and thanks. I swear I looked for a fix had already been committed but obviously I missed it. -- DaveD --Apple-Mail-2-105144997--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E81A4F7B-4E5B-409D-A49B-805F20F3DB01>