Hi, I just upgraded from June 20th snap to July 5th snap, and noticed the match ... scrub (max-mss ####) lines are completely broken in pf.
pfctl accepts them, but then I get all sorts of MTU problems. (Things like ping working, but not http) I took the lines out and then everything works fine, however, this rule I had in for ages which had worked fine: match in all scrub (max-mss 1440) With that rule in with the July 5th snap, tcpdump reports: Jul 06 12:41:33.079144 00:00:24:cb:a6:64 00:90:d0:63:ff:3b 0800 74: 87.194.102.137.50087 > 195.47.247.250.80:S 1253821828:1253821828(0) win 5840 <[bad opt]> (DF) As soon as I remove the scrub rule out, it works fine again. This diff seems to be the culprit: http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.121;r2=1.122;f=h Tom
