On 2010-07-06, Tom Murphy <open...@pertho.net> wrote:
> Hi,
>
> I just upgraded from June 20th snap to July 5th snap, and noticed the
> match ... scrub (max-mss ####) lines are completely broken in pf.
>
> pfctl accepts them, but then I get all sorts of MTU problems. (Things
> like ping working, but not http)
> I took the lines out and then everything works fine, however, this rule
> I had in for ages which had worked fine:
>
> match in all scrub (max-mss 1440)
>
> With that rule in with the July 5th snap, tcpdump reports:
>
> Jul 06 12:41:33.079144 00:00:24:cb:a6:64 00:90:d0:63:ff:3b 0800 74:
> 87.194.102.137.50087 > 195.47.247.250.80:S 1253821828:1253821828(0) win
> 5840 <[bad opt]> (DF)
>
> As soon as I remove the scrub rule out, it works fine again.
>
> This diff seems to be the culprit:
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.121;r2=1.122;f=h

The problem is due to an uncommitted diff in snapshots; please build your own -current for now.