[Bug 276856] pf no longer re-assembles fragments by default

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 16 Feb 2024 09:40:46 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276856

--- Comment #5 from Michal Scigocki <michal.os@hotmail.com> ---
I looked some more into what happened to pf fragmentation between 13.2 and 14.0.
The updates from this review: https://reviews.freebsd.org/D38025 made some
changes to scrub and some other pf features. In file pf_norm.c, the default
path for a fragmented packet changed from PASS to DROP. The condition on line
1090 in that file on 14.0-RELEASE (currently also the same line number on
14-STABLE) makes the decision to DROP.

This has since been fixed on CURRENT (default behaviour will PASS a fragmented
packet again). The updates were part of the following reviews:
- fix to source code + tests: https://reviews.freebsd.org/D42355
- fix to documentation: https://reviews.freebsd.org/D42270

I think what is left is just getting the existing updates from reviews D42355
and D42270 into 14-STABLE.
