> On Jul 23, 2014, at 15:59, Bjoern A. Zeeb <bzeeb-li...@lists.zabbadoz.net> 
> wrote:
> There was (is?) another case that in certain situations with certain pf 
> options IPv6/ULP packets would not pass or get corrupted.  I think no one who 
> experienced it never tracked it down to the code but I am sure there are PRs 
> for this;  best bet is that not all header sizes are equal and length/offsets 
> into IPv6 packets are different to IPv4, especially when you scrub.

scrub reassemble tcp breaks all ipv6 tcp traffic since FreeBSD 9.0. Well, not 
entirely "breaks" but things seem to be going at a rate of a poor dialup 
connection. This is similar to what I've experienced with pf + tso on Xen. 
Related? Possibly! I'd hazard a guess the reassembling of tcp on IPv6 is 
breaking checksums?

Upstream pf from OpenBSD has removed this feature entirely and (I believe) 
reworked their scrubbing, but I don't know the details. I can confirm that when 
reassemble tcp existed on OpenBSD it never broke traffic for me.

Synproxy and IPv6 was also broken last I knew. I can't remember the symptoms, 
but it was probably "nothing works". I recall synproxy has always been one of 
those "you're gonna shoot your eye out kid" features, but some people have used 
it successfully.
freebsd-current@freebsd.org mailing list