On Tue, 23 Apr 2024 09:50:33 -0500, Matthew Grooms <[email protected]> wrote:
> Sorry. I didn't missed some of the previous details here, but I see you
> mention pf below. Did you happen to see this?
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276856

Ah, great. No, I hadn't seen that before, thanks. This certainly looks like it might be the cause of the issue I see, although I'm not sure I fully understand the situation.

What I get so far is that

* 14.0 does not reassemble packets by default anymore when using scrub while 13.x did
* 14.0 silently drops fragmented packets by default where 13.x didn't

Is that correct? That would probably explain why tftp couldn't pass my vpn tunnel anymore.

What I am using in my pf.conf is a simple

---
scrub in all
---

From the bug report I get that either using

---
scrub fragment reassemble
---

or

---
set reassemble yes
---

should be able to fix this and get the old behaviour back?

I remember playing with the "scrub fragment" option last week, but maybe I didn't try to explicitly turn it on as that was described as default in the manpage.

Anyway, I'll look into this again, thank you very much for the pointer.

One more question: Looking at the linked reviews:

https://reviews.freebsd.org/D42355
https://reviews.freebsd.org/D42270

These appear to address the issue. I can get to the actual commit from the review:

https://reviews.freebsd.org/rGede5d4ff5b39ccbc193c30fb6c093c7c4de9a464

Is there an easy way to find out where this commit ends up, i.e., whether it is merged into 14.0, 14.1 or so?

cu
Gerrit
