https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207598
--- Comment #5 from Kristof Provost <[email protected]> --- (In reply to Max from comment #3) Scrubbing in both directions should be safe, even with fragment reassemble. In IPv4 it's OK for a frame to not fit in the MTU. The router will fragment. (There's special casing in pf to handle the IPv6 scenario, but that doesn't seem to be relevant here.) It's also very strange that the mss setting has an influence on ICMP packets. I'd only expect that to affect TCP streams. It'd be interesting to get packet captures here (tcpdump -n -i <interface> -s0 -w output.pcap) of both the ICMP echo request and the ICMP error packets. Ideally capture on an interface outside the GRE tunnel (so we get the GRE headers too). -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
