This refers to the un-patched OpenBSD 5.5 source tree. Whilst trying to understand the notion of "direction" of packet flow in pf(4) I came across this potential problem:
In pf.conf(5) we have:

    When forwarding reassembled IPv6 packets, pf refragments them with
    the original maximum fragment size. This allows the sender to
    determine the optimal fragment size by path MTU discovery.

The code that does this is pf_refragment6, and it is called from only one place (from within sys/{net,netinet}), which is in pf.c, from the function pf_test defined on line 6395--??. On lines 6731--6739 we have:

    #ifdef INET6
        /* if reassembled packet passed, create new fragments */
        if (pf_status.reass && action == PF_PASS && *m0 && fwdir == PF_FWD) {
            struct m_tag *mtag;

            if ((mtag = m_tag_find(*m0, PACKET_TAG_PF_REASSEMBLED, NULL)))
                action = pf_refragment6(m0, mtag, fwdir);
        }
    #endif

But from pf.c, the fn pf_test is only ever called with fwdir == PF_OUT and the only other places from which it is called are in if_bridge.c, and they set fwdir to either PF_OUT or PF_IN (aliased as BRIDGE_OUT and BRIDGE_IN respectively, when PF is enabled).

Therefore fwdir == PF_FWD never holds, and so reassembled IPv6 packets are never refragmented, contradicting the manual page pf.conf(5).

I can't offer any suggestions as to what the test should be, because I don't yet understand the notion of direction in pf. But perhaps I'm not the only one :-)

Ian