After wondering why my email was seeing MTU-like issues once I enabled
an AAAA record, I see that pf is dropping IPv6 packets that are
fragmented.

pf.conf(5):

    1546: Currently, only IPv4 fragments are supported and IPv6 fragments are
          blocked unconditionally.

In pf.c, under #ifdef INET6:

    4402: do {
              switch (pd2.proto) {
              case IPPROTO_FRAGMENT:
                  /*
                   * ICMPv6 error messages for
                   * non-first fragments
                   */
                  REASON_SET(reason, PFRES_FRAG);
                  return (PF_DROP);

I think that's the part where we just don't bother parsing them. Or one of them. I've
had to enable 'pass in inet6'.
Does anyone have any patches to enable this?
C.
--
020 7729 4797
http://blog.playlouder.com/
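
An added example, not part of the original post and not pf code: a small C routine that walks the IPv6 extension-header chain of a captured packet and reports whether it carries a Fragment header (next header 44), which is the traffic the pf.conf(5) text above says is blocked. The function names and the sample packet are constructed for illustration; AH and other extension headers are not handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum frag_class { FRAG_MALFORMED = -1, FRAG_NONE = 0, FRAG_FIRST = 1, FRAG_NONFIRST = 2 };

#define NH_HOPOPTS  0
#define NH_ROUTING  43
#define NH_FRAGMENT 44
#define NH_DSTOPTS  60

/* Classify a raw IPv6 packet (starting at the IPv6 header) by its Fragment header. */
enum frag_class classify_ipv6(const uint8_t *pkt, size_t len)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return FRAG_MALFORMED;
    uint8_t nh = pkt[6];          /* Next Header field of the fixed header */
    size_t off = 40;              /* invariant: off <= len */
    /* Skip extension headers that may precede the Fragment header. */
    while (nh == NH_HOPOPTS || nh == NH_ROUTING || nh == NH_DSTOPTS) {
        if (len - off < 8) return FRAG_MALFORMED;
        size_t hlen = ((size_t)pkt[off + 1] + 1) * 8;   /* length in 8-byte units, minus one */
        if (len - off < hlen) return FRAG_MALFORMED;
        nh = pkt[off];
        off += hlen;
    }
    if (nh != NH_FRAGMENT) return FRAG_NONE;
    if (len - off < 8) return FRAG_MALFORMED;          /* Fragment header is always 8 bytes */
    uint16_t field = (uint16_t)((pkt[off + 2] << 8) | pkt[off + 3]);
    return (field >> 3) == 0 ? FRAG_FIRST : FRAG_NONFIRST;  /* top 13 bits: offset */
}

/* Constructed sample: 40-byte IPv6 header plus an 8-byte Fragment header, no payload. */
size_t make_fragment(uint8_t *buf, uint16_t off_units, int more)
{
    memset(buf, 0, 48);
    buf[0] = 0x60;                /* version 6 */
    buf[5] = 8;                   /* payload length: just the Fragment header */
    buf[6] = NH_FRAGMENT;
    buf[40] = 58;                 /* header after the fragment header: ICMPv6 */
    uint16_t field = (uint16_t)((off_units << 3) | (more ? 1 : 0));
    buf[42] = (uint8_t)(field >> 8);
    buf[43] = (uint8_t)(field & 0xff);
    return 48;
}

int main(void)
{
    uint8_t b[64];
    printf("first: %d\n", classify_ipv6(b, make_fragment(b, 0, 1)));
    printf("non-first: %d\n", classify_ipv6(b, make_fragment(b, 181, 0)));
    return 0;
}
```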