> On Jul 23, 2014, at 15:59, Bjoern A. Zeeb <bzeeb-li...@lists.zabbadoz.net> 
> wrote:
> 
> There was (is?) another case that in certain situations with certain pf 
> options IPv6/ULP packets would not pass or get corrupted.  I think no one who 
> experienced it ever tracked it down to the code but I am sure there are PRs 
> for this;  best bet is that not all header sizes are equal and length/offsets 
> into IPv6 packets are different to IPv4, especially when you scrub.
> 

scrub reassemble tcp breaks all IPv6 TCP traffic since FreeBSD 9.0. Well, not 
entirely "breaks" but things seem to be going at the rate of a poor dialup 
connection. This is similar to what I've experienced with pf + TSO on Xen. 
Related? Possibly! I'd hazard a guess the reassembling of TCP on IPv6 is 
breaking checksums?

Upstream pf from OpenBSD has removed this feature entirely and (I believe) 
reworked their scrubbing, but I don't know the details. I can confirm that when 
reassemble tcp existed on OpenBSD it never broke traffic for me.

Synproxy and IPv6 was also broken last I knew. I can't remember the symptoms, 
but it was probably "nothing works". I recall synproxy has always been one of 
those "you're gonna shoot your eye out kid" features, but some people have used 
it successfully.
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current