[Differential] [Changed Subscribers] D1815: Evaluate packet size after the firewall had its chance
ae (Andrey V. Elsukov)
phabric-noreply at FreeBSD.org
Tue Feb 10 00:39:46 UTC 2015
ae added a subscriber: ae.
ae added a comment.
Since you are in ip6_forward(), this means ip6_input() has already checked this packet and PFIL had a chance to handle this packet.
IPv6 router should not do reassembling fragmented packets and do new fragmentation of them, but if you want, I think your packet filter should track these fragments on input. How do you tested this patch?
REVISION DETAIL
https://reviews.freebsd.org/D1815
To: kristof
Cc: ae, freebsd-net
More information about the freebsd-net
mailing list