Get RID of the multi threading patch in FreeBSDs version of PF

Darren Pilgrim list_freebsd at bluerosetech.com
Mon Dec 8 00:31:32 UTC 2014


On 12/7/2014 2:57 AM, Kurt Jaeger wrote:
>> On 12/5/2014 6:09 PM, Martin Hanson wrote:
>>> Have any important bugs been fixed in PF on OpenBSD since the current
>>> port in FreeBSD that actually makes the current PF in FreeBSD
>>> "dangerous" to run with?
>>
>> FreeBSD's pf is broken for IPv6.  Its lack of fragment support means a
>> FreeBSD breaks EDNS0 and other large-packet protocols that rely on
>> fragment headers.
>
> This was fixed recently as far as I understand.
>
> Have a look at
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=179392
>
> and
>
> https://svnweb.freebsd.org/changeset/base/274709

I think you're confused about the issue I described.  I'm talking about 
pf not supporting fragment headers and as such dropping fragmented 
packets instead of statefully passing them.

See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=124933


