Date:      Mon, 6 Dec 2004 11:47:00 +0900
From:      Pyun YongHyeon <yongari@kt-is.co.kr>
To:        gtg062h@mail.gatech.edu
Cc:        freebsd-pf@freebsd.org
Subject:   Re: FreeBSD bridge + filtering, BIG problem
Message-ID:  <20041206024700.GA744@kt-is.co.kr>
In-Reply-To: <7c8f27920412051617123672bf@mail.gmail.com>
References:  <20041201045203.262D443D5C@mx1.FreeBSD.org> <20041201110912.GA9840@kt-is.co.kr> <7c8f27920412010523730447de@mail.gmail.com> <20041202033920.GC12155@kt-is.co.kr> <7c8f27920412051617123672bf@mail.gmail.com>

On Sun, Dec 05, 2004 at 07:17:05PM -0500, Josh Kayse wrote:

[...]

 > 
 > I managed to get your patch to apply to FreeBSD RELENG_5.
 > 
 > I have a question about the bridge_fragment function though.  Would
 > this prevent packets from linux NFS clients from working, the
 > fragmented ones with the DF flag set?  Thanks for any information.
 > 

I guess this has nothing to do with bridge. AFAIK, Linux is known
to generate fragmented packets with DF bit set. Normally, scrub
rule of pf drops the fragmented packet that was told not to
fragment (i.e. DF bit set).
You may need an additional option "no-df" to pass the packet in
scrub rule.

 > I'll post the patch later if anyone wants it.  It hasn't been

Great! I believe your patch would be quite useful to FreeBSD
pf/ipf users.

 > thoroughly tested but is currently running on a bridge setup in my
 > test lab with my work machine behind it.
 > 

One note, don't be fooled by "netstat -m" output after patching your
system. Its statistics were broken on 5.3R. For instance, on my P3 SMP:

19926 mbufs in use
4294938777/19136 mbuf clusters in use (current/max)
^^^^^^^^^^^^^^^^
0/4/5040 sfbufs in use (current/peak/max)
4142247 KBytes allocated to network
^^^^^^^^^^^^^^
0 requests for sfbufs denied
0 requests for sfbufs delayed
0 requests for I/O initiated by sendfile
270 calls to protocol drain routines

 > -josh
 > 
 > -- 
 > Joshua Kayse
 > Computer Engineering

-- 
Regards,
Pyun YongHyeon
http://www.kr.freebsd.org/~yongari	|	yongari@freebsd.org
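
Added example, not part of the original message or of pf: a small classifier for the IPv4 flags/offset field that picks out the "fragment with DF set" packets the reply says scrub drops unless no-df is given. The helper names and the sample headers (192.0.2.x addresses) are constructed for illustration.

```python
import struct

IP_DF = 0x4000       # "don't fragment" flag
IP_MF = 0x2000       # "more fragments" flag
IP_OFFMASK = 0x1FFF  # fragment offset, in 8-byte units


def classify(header: bytes) -> str:
    """Classify an IPv4 header by its DF flag and fragment status."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (frag_field,) = struct.unpack_from("!H", header, 6)
    df = bool(frag_field & IP_DF)
    # A packet is a fragment if more fragments follow or its offset is non-zero.
    is_fragment = bool(frag_field & IP_MF) or (frag_field & IP_OFFMASK) != 0
    if df and is_fragment:
        return "fragment+DF"  # the case that needs no-df to pass scrub
    if is_fragment:
        return "fragment"
    return "whole+DF" if df else "whole"


def make_header(frag_field: int) -> bytes:
    """Build a constructed 20-byte IPv4/UDP header with the given flags/offset."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, frag_field,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


def needs_no_df(headers) -> list:
    """Return the indexes of headers that are fragments with DF set."""
    return [i for i, h in enumerate(headers) if classify(h) == "fragment+DF"]


# Constructed sample headers, one per case.
SAMPLES = [
    make_header(IP_DF),          # unfragmented, DF set
    make_header(IP_DF | IP_MF),  # first fragment, DF set
    make_header(IP_DF | 185),    # later fragment (offset 185 * 8), DF set
    make_header(IP_MF),          # ordinary first fragment
    make_header(0),              # unfragmented, DF clear
]

if __name__ == "__main__":
    for i, h in enumerate(SAMPLES):
        print(i, classify(h))
    print("need no-df:", needs_no_df(SAMPLES))
```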
