[Bug 207598] pf adds icmp unreach on gre/ipsec somehow

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sat May 28 11:17:15 UTC 2016


--- Comment #20 from Kristof Provost <kp at freebsd.org> ---
Created attachment 170747
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=170747&action=edit
pf_frag_pass patch

(In reply to Max from comment #19)
You may be on to something there.

pf_reassemble() actually returns PF_PASS, but it's turned back into PF_DROP
later on.

It actually looks like this'd be a problem for IPv6 too.

Can you give the attached patch a try? I'm not completely happy with it, but it
should fix the problem.

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-pf mailing list