From owner-svn-src-all@freebsd.org Sat Jul 25 14:06:33 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 47B709AAE26; Sat, 25 Jul 2015 14:06:33 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 380C51CAB; Sat, 25 Jul 2015 14:06:33 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6PE6XaN057854; Sat, 25 Jul 2015 14:06:33 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6PE6XMO057853; Sat, 25 Jul 2015 14:06:33 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201507251406.t6PE6XMO057853@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f From: Kristof Provost Date: Sat, 25 Jul 2015 14:06:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r285871 - head/share/man/man5 X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Jul 2015 14:06:33 -0000 Author: kp Date: Sat Jul 25 14:06:32 2015 New Revision: 285871 URL: https://svnweb.freebsd.org/changeset/base/285871 Log: Pf can reassemble IPv6 fragments now. Obtained from: bluhm (OpenBSD) Sponsored by: Essen FreeBSD Hackathon Modified: head/share/man/man5/pf.conf.5 Modified: head/share/man/man5/pf.conf.5 ============================================================================== --- head/share/man/man5/pf.conf.5 Sat Jul 25 13:02:41 2015 (r285870) +++ head/share/man/man5/pf.conf.5 Sat Jul 25 14:06:32 2015 (r285871) @@ -28,7 +28,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 29, 2012 +.Dd July 25, 2015 .Dt PF.CONF 5 .Os .Sh NAME @@ -2381,8 +2381,10 @@ Once this limit is reached, fragments th are dropped until other entries time out. The timeout value can also be adjusted. .Pp -Currently, only IPv4 fragments are supported and IPv6 fragments -are blocked unconditionally. +When forwarding reassembled IPv6 packets, pf refragments them with +the original maximum fragment size. +This allows the sender to determine the optimal fragment size by +path MTU discovery. .Sh ANCHORS Besides the main ruleset, .Xr pfctl 8