Checksumming outgoing packets in PF vs in ip[6]_output
Ilya Bakulin
ilya at bakulin.de
Sun Nov 9 13:30:58 UTC 2014
On 07.11.14, 14:31, Kristof Provost wrote:
> On 2014-11-05 19:11:55 (+0100), Ilya Bakulin <ilya at bakulin.de> wrote:
>> On 2014-11-05 19:00, Mark Felder wrote:
>>> Now if we could only stamp out the bug with ipv6 fragment and pf I'd be
>>> a happy, happy daemon. :-)
>> This is somewhat more complex problem, I'll take a look as the time
>> allows.
>>
> I've been playing with it too. I have a patch which seems to be working,
> but it currently drops the distinction between PFRULE_FRAGCROP and
> PFRULE_FRAGDROP. OpenBSD dropped that a while ago, but I figured FreeBSD
> wouldn't want user-visible changes.
>
> I've been meaning to look at that some more but ... ENOTIME.
> It's tentatively planned as a project for Chaos Congress (end of
> December), but no promises.
>
> If you like I can probably dig up the (non-clean) patches for you.
>
> Regards,
> Kristof
>
Yes, please do it, would be interesting to look at your code!
--
Regards,
Ilya Bakulin
More information about the freebsd-net
mailing list