[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 06 Jun 2022 14:29:13 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193

--- Comment #7 from Kristof Provost <kp@freebsd.org> ---
(In reply to oleg from comment #6)
Packets can pass through pf multiple times. When forwarding they pass through
coming into the network and again on the way out (post-routing), for example.

In this case what I'm saying is that the original SYN packet that starts the
connection (and carries the MSS option) passes through pf once, does not hit
the scrub rule, because it's going to go out epair0b, is then processed by the
'pass route-to' rule, which it matches and causes it to be sent out through
epair1b. It does not pass through pf a second time, so it does not hit the
scrub rule and does not get its MSS adjusted.
