[Bug 276856] pf no longer re-assembles fragments by default

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 07 Feb 2024 15:19:22 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276856

--- Comment #3 from mgrooms@shrew.net ---
I appreciate the pf work on FreeBSD. I've deployed it extensively and use it
daily.

There is nothing wrong with the new default behavior from my perspective. It's
just going to bite a lot of people who upgrade to 14 and rely on packet
encapsulation due to crypto ( or other use cases ). That adds overhead which
will causes fragmentation. The case was handled by default but now it must be
explicitly enabled. And, since it was the default, I would guess that some
users didn't know the option existed or what it was doing for them. Having
outdated docs doesn't help.

I wasn't aware of the newer pf syntax being implemented. Will have a look once
the documentation is updated to match.

-- 
You are receiving this mail because:
You are the assignee for the bug.