Seems like pf skips some packets.
Alexey Sopov
adler at smtp.ru
Fri Jul 13 09:03:09 UTC 2007
>> Why these packets weren't translated by pf nat rules or filtered by pf
>> block rule?
>>
>> Note they appear once in five seconds. Tried to modify frag parameter,
>> but this didn't help. Also I noticed they all have ACK bit set.
>>
>> Thank you.
SU> What is the date of your build (uname -a). There was a commit
SU> recently to fix fragmented packets w/ hardware checksums
SU> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/contrib/pf/net/pf_norm.c.diff?r1=1.11.2.4;r2=1.11.2.5;only_with_tag=RELENG_6
The date of my cvsup and build is Wed Jul 11 21:38:14 MSD 2007
I've checked /usr/src/sys/contrib/pf/net/pf_norm.c and noted it is
patched conform link you provided.
--
mailto:adler at smtp.ru
More information about the freebsd-stable
mailing list