On 21 Feb 2021, at 0:02, Doug Hardie wrote:
On 20 February 2021, at 04:13, Kristof Provost
wrote:
If you don’t have scrub fragment reassemble set then you have to
include something like pass log inet6 proto ipv6-frag all to pass
fragmented packets (assuming you block by default).
You reall
> On 20 February 2021, at 04:13, Kristof Provost wrote:
>
> If you don’t have scrub fragment reassemble set then you have to include
> something like pass log inet6 proto ipv6-frag all to pass fragmented packets
> (assuming you block by default).
>
> You really, really want scrub fragment re
On 20 Feb 2021, at 5:32, Doug Hardie wrote:
On 19 February 2021, at 01:48, Michael Tuexen
wrote:
On 19. Feb 2021, at 03:29, Doug Hardie wrote:
I don't know if this is a feature or a bug. On FreeBSD 9, the
following ping worked:
ping6 -s 5000 -b 6000 fe80::213:72ff:fec3:180f%dc0
I don't
> On 20. Feb 2021, at 05:32, Doug Hardie wrote:
>
>> On 19 February 2021, at 01:48, Michael Tuexen
>> wrote:
>>
>>> On 19. Feb 2021, at 03:29, Doug Hardie wrote:
>>>
>>> I don't know if this is a feature or a bug. On FreeBSD 9, the following
>>> ping worked:
>>>
>>> ping6 -s 5000 -b 6000
> On 19 February 2021, at 01:48, Michael Tuexen
> wrote:
>
>> On 19. Feb 2021, at 03:29, Doug Hardie wrote:
>>
>> I don't know if this is a feature or a bug. On FreeBSD 9, the following
>> ping worked:
>>
>> ping6 -s 5000 -b 6000 fe80::213:72ff:fec3:180f%dc0
> I don't have a dc0 interface,
> On 19 February 2021, at 01:48, Michael Tuexen
> wrote:
>
>> On 19. Feb 2021, at 03:29, Doug Hardie wrote:
>>
>> I don't know if this is a feature or a bug. On FreeBSD 9, the following
>> ping worked:
>>
>> ping6 -s 5000 -b 6000 fe80::213:72ff:fec3:180f%dc0
> I don't have a dc0 interface,
> On 19. Feb 2021, at 03:29, Doug Hardie wrote:
>
> I don't know if this is a feature or a bug. On FreeBSD 9, the following ping
> worked:
>
> ping6 -s 5000 -b 6000 fe80::213:72ff:fec3:180f%dc0
I don't have a dc0 interface, but using re0 at one side and bge at the other, I
get
with FreeBSD CU
At Thu, 14 May 2009 14:42:35 -0700,
"Kevin Oberman" wrote:
> I then captured the ICMP and discovered that the kernel was fragmenting
> all of them! Worse, the fragment was sent out before the ICMP! What the
> heck is going on! Thread synchronization?
>
> When I captured the packets (via tcpdump
Steve Bertrand wrote:
> Kevin Oberman wrote:
>
>> Second, why the heck is the fragment going out first? This should be OK,
>> but I suspect many firewalls (which are often not happy with fragments)
>> are not likely to pass a fragment which precedes the initial frame.
>
> I'll try to find some ti
Kevin Oberman wrote:
> Second, why the heck is the fragment going out first? This should be OK,
> but I suspect many firewalls (which are often not happy with fragments)
> are not likely to pass a fragment which precedes the initial frame.
I'll try to find some time today to see if I can replicat
On Thu, 14 May 2009, Kevin Oberman wrote:
Hi,
Date: Fri, 15 May 2009 00:09:02 +0200 (CEST)
From: sth...@nethelp.no
First, why is the kernel fragmenting this at all as it fits in the
interface MTU?
Good question, I definitely disagree with this behavior and would say
that it breaks POLA. But
> Date: Fri, 15 May 2009 00:09:02 +0200 (CEST)
> From: sth...@nethelp.no
>
> > First, why is the kernel fragmenting this at all as it fits in the
> > interface MTU?
>
> Good question, I definitely disagree with this behavior and would say
> that it breaks POLA. But it's documented (see the ping6
> First, why is the kernel fragmenting this at all as it fits in the
> interface MTU?
Good question, I definitely disagree with this behavior and would say
that it breaks POLA. But it's documented (see the ping6 -m option).
> Can anyone fetch anything from ftp.funet.fi via IPv6? I suspect it is
>
13 matches
Mail list logo
