[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 frags



I belive this has to do with the ipv6 spec, where fragmentation is not
to occur, but path mtu discovery must happen, so the network you traverse
to a specific host must always maintain a packetsize no larger than the
smallest link.
-- 
Todd Fries .. [email protected]
(last updated $ToddFries: signature.p,v 1.2 2002/03/19 15:10:18 todd Exp $)
Penned by Kamil Andrusz on Wed, Nov 27, 2002 at 03:05:53PM +0100, we have:
| Vladimir Kotal <[email protected]>:
| 
| > Hello,
| >
| > I'm trying to get PF working with large IPv6 packets. However, when sending
| > large ICMPv6 packets, I'v got blocked packets w/ following ruleset part:
| >
| > pass out quick on $gif_if inet6 \
| >         from { $ourip6, fe80::/8 } to any keep state
| >
| > ping6 -s 3500 www.kame.net 
| >
| > produced following:
| >
| > Nov 27 14:56:50.262413 rule 10/0(match): block in on gif0:
| > 2001:200:0:4819:210:f3ff:fe03:4d0 > 3ffe:80ee:38f::2: frag (0|1232)
| > icmp6: echo reply
| Quoting pf.conf(5):
|      Currently, only IPv4 fragments are supported and IPv6 fragments are
|      blocked unconditionally.
| 
| Regards,
| Kamil Andrusz
| -- 
| It's just a matter of opinion.