Pf can reassemble IPv6 fragments now.
Obtained from: bluhm (OpenBSD) Sponsored by: Essen FreeBSD Hackathon
This commit is contained in:
kp
parent
52037e71a3
commit
2fcd3be83e
@ -28,7 +28,7 @@
|
||||
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd June 29, 2012
|
||||
.Dd July 25, 2015
|
||||
.Dt PF.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -2381,8 +2381,10 @@ Once this limit is reached, fragments that would have to be cached
|
||||
are dropped until other entries time out.
|
||||
The timeout value can also be adjusted.
|
||||
.Pp
|
||||
Currently, only IPv4 fragments are supported and IPv6 fragments
|
||||
are blocked unconditionally.
|
||||
When forwarding reassembled IPv6 packets, pf refragments them with
|
||||
the original maximum fragment size.
|
||||
This allows the sender to determine the optimal fragment size by
|
||||
path MTU discovery.
|
||||
.Sh ANCHORS
|
||||
Besides the main ruleset,
|
||||
.Xr pfctl 8
|
||||
|
||||
Loading…
Reference in New Issue
Block a user