I belive this has to do with the ipv6 spec, where fragmentation is not
to occur, but path mtu discovery must happen, so the network you traverse
to a specific host must always maintain a packetsize no larger than the
smallest link.
--
Todd Fries .. [EMAIL PROTECTED]
(last updated $ToddFries: signature.p,v 1.2 2002/03/19 15:10:18 todd Exp $)
Penned by Kamil Andrusz on Wed, Nov 27, 2002 at 03:05:53PM +0100, we have:
| Vladimir Kotal <[EMAIL PROTECTED]>:
|
| > Hello,
| >
| > I'm trying to get PF working with large IPv6 packets. However, when sending
| > large ICMPv6 packets, I'v got blocked packets w/ following ruleset part:
| >
| > pass out quick on $gif_if inet6 \
| > from { $ourip6, fe80::/8 } to any keep state
| >
| > ping6 -s 3500 www.kame.net
| >
| > produced following:
| >
| > Nov 27 14:56:50.262413 rule 10/0(match): block in on gif0:
| > 2001:200:0:4819:210:f3ff:fe03:4d0 > 3ffe:80ee:38f::2: frag (0|1232)
| > icmp6: echo reply
| Quoting pf.conf(5):
| Currently, only IPv4 fragments are supported and IPv6 fragments are
| blocked unconditionally.
|
| Regards,
| Kamil Andrusz
| --
| It's just a matter of opinion.
