PR kern/93849 IP checksum broken by pf no-df over bridge
Max Laier
max at love2party.net
Mon Mar 20 03:04:40 UTC 2006
On Sunday 19 March 2006 19:43, Andrew Thompson wrote:
> On Sat, Mar 04, 2006 at 04:02:26PM +0100, Max Laier wrote:
> > On Saturday 04 March 2006 15:51, Pieter de Boer wrote:
> > > Adam McDougall wrote:
> > > > Could someone possibly take a look at this and let me know if it
> > > > looks 'broken' or if I might be doing something wrong? I am in
> > > > a crunch to choose a firewall solution within a few weeks and it
> > > > would help me to know if this issue can be solved. FreeBSD/pf
> > > > seemed an appropriate solution so far, especially since it has
> > > > CARP, pfsync, (and altq which im not using (yet?)).
> > >
> > > You could try compiling pf using CFLAGS=-O instead of -O2. This fixed a
> > > checksum problem I had. That probably was an entirely different issue,
> > > but perhaps it does help..
> >
> > Can you try this patch and report back instead. Thanks and sorry for the
> > delay.
>
> Were you going to commit this? The user reported that it fixed the
> problem.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=93849
Sorry, forgot about this one while I was waiting for a fix upstream. I recall
that Daniel posted a more complete patch to OpenBSD's tech mailing list, but
don't see it committed yet.
If I don't hear otherwise, I'll take Daniel's patch to HEAD early this week.
Thanks for the reminder.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20060320/88c1f403/attachment.pgp
More information about the freebsd-net
mailing list