From owner-freebsd-pf@FreeBSD.ORG Tue Feb 3 20:25:27 2015 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 245574E0; Tue, 3 Feb 2015 20:25:27 +0000 (UTC) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DCC0F96C; Tue, 3 Feb 2015 20:25:26 +0000 (UTC) Received: from vega.codepro.be (unknown [172.16.1.3]) by venus.codepro.be (Postfix) with ESMTP id 7E354B8C5; Tue, 3 Feb 2015 21:25:22 +0100 (CET) Received: by vega.codepro.be (Postfix, from userid 1001) id B4FB619AC; Tue, 3 Feb 2015 21:25:20 +0100 (CET) Date: Tue, 3 Feb 2015 21:25:20 +0100 From: Kristof Provost To: freebsd-pf@freebsd.org Subject: PF IPv6 fragments handling Message-ID: <20150203202519.GD2167@vega.codepro.be> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline X-PGP-Fingerprint: E114 D9EA 909E D469 8F57 17A5 7D15 91C6 9EFA F286 X-Checked-By-NSA: Probably User-Agent: Mutt/1.5.23 (2014-03-12) Cc: Mark Felder X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Feb 2015 20:25:27 -0000 Hi, I have a couple of patches to let PF handle fragmented IPv6 packets. They've been uploaded to phabricator: https://reviews.freebsd.org/D1764 https://reviews.freebsd.org/D1765 https://reviews.freebsd.org/D1766 https://reviews.freebsd.org/D1767 Two of my systems are currently running them, seemingly without problems. Regards, Kristof