Checksumming outgoing packets in PF vs in ip[6]_output
Kristof Provost
kristof at sigsegv.be
Fri Nov 7 13:31:06 UTC 2014
On 2014-11-05 19:11:55 (+0100), Ilya Bakulin <ilya at bakulin.de> wrote:
> On 2014-11-05 19:00, Mark Felder wrote:
> > Now if we could only stamp out the bug with ipv6 fragment and pf I'd be
> > a happy, happy daemon. :-)
>
> This is somewhat more complex problem, I'll take a look as the time
> allows.
>
I've been playing with it too. I have a patch which seems to be working,
but it currently drops the distinction between PFRULE_FRAGCROP and
PFRULE_FRAGDROP. OpenBSD dropped that a while ago, but I figured FreeBSD
wouldn't want user-visible changes.
I've been meaning to look at that some more but ... ENOTIME.
It's tentatively planned as a project for Chaos Congress (end of
December), but no promises.
If you like I can probably dig up the (non-clean) patches for you.
Regards,
Kristof
More information about the freebsd-net
mailing list