diff options
author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2011-03-25 11:09:39 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2011-03-25 11:09:39 +0000 |
commit | 25e007c7a6d4ee41a23327c7b803a1223dcbc6eb (patch) | |
tree | c3e4bc020b86358d1aa4e7450285344a2190c94b | |
parent | f8085cb4f10da81f64e6026fe132a9bcbcf50a6a (diff) |
Pf can reassemble IPv6 fragments now.
ok jmc@
-rw-r--r-- | share/man/man5/pf.conf.5 | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index e777c1ffd24..64cdb31deda 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.489 2011/02/01 17:31:47 jmc Exp $ +.\" $OpenBSD: pf.conf.5,v 1.490 2011/03/25 11:09:38 bluhm Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: February 1 2011 $ +.Dd $Mdocdate: March 25 2011 $ .Dt PF.CONF 5 .Os .Sh NAME @@ -2322,8 +2322,10 @@ Once this limit is reached, fragments that would have to be cached are dropped until other entries time out. The timeout value can also be adjusted. .Pp -Currently, only IPv4 fragments are supported and IPv6 fragments -are blocked unconditionally. +When forwarding reassembled IPv6 packets, pf refragments them with +the original maximum fragment size. +This allows the sender to determine the optimal fragment size by +path MTU discovery. .Ss Blocking Spoofed Traffic Spoofing is the faking of IP addresses, typically for malicious purposes. |