OpenBSD Journal

FYI: issues with pf and ipv6 in -current

Contributed by grey on from the running with knives dept.

As posted to tech@ yesterday, there are currently some unresolved bugs with ipv6 & pf in -current.

Naturally, if you are running 3.5 -release or -stable you should be fine. Those who play with bleeding edge releases should already be aware of shortcomings such as this that arise and are resolved from time to time.

UPDATE: please note Daniel Hartmeier's follow up, stating that the offending changes have been backed out, thus confirming itojun's query found here.

Here is the original post:

List:       openbsd-tech
Subject:    pf and ip6
From:       Theo de Raadt 
Date:       2004-07-14 7:55:30
Message-ID: <200407140755.i6E7tUtj018595 () cvs ! openbsd ! org>

pf currently has a number of bugs regarding ipv6.  I suggest that
noone running -current rely on it.  It's been broken now in a variety
of ways for about 4 weeks, and only weak efforts are being made to
resolve the issues.

Sorry about that; but my efforts at compelling all the pf developers
to fix this have not gotten us anywhere.

(Comments are closed)


  1. By Daniel Hartmeier () daniel@benzedrine.cx on http://www.benzedrine.cx/

    Some problems resulted from the IPv6 scrubbing feature added recently, which was backed out again. That has resolved all problems attributed to pf and IPv6 that I know about.

    If there is anything left unresolved, please confirm after updating again (but beware of the flag day) and open a bug report. The lazy-ass pf developers can't fix bugs they don't know about. Thank you. :)

    1. By corey () on

      I don't know him, but I hope Mr. DeRaadt is being facetious. I'd hate to see one or more pf developer defections from OpenBSD :-)

      Seriously, pf is one very cool piece of software, and I think I can say that the user community appreciates the team's efforts.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]