[Bug 207598] pf adds icmp unreach on gre/ipsec somehow

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun May 29 09:14:13 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207598

--- Comment #28 from Max <maximos at als.nnov.ru> ---
(In reply to Kristof Provost from comment #27)
Hello, Kristof.
Thank you for your reply. I understand the logic of current implementation of
pf_reassemble(). But it does not return a value directly to network stack. I
think it could return PF_PASS only in single case: the packet is fully
reassembled. Instead, pf_normalize_ip() does it: immediately returns PF_DROP if
pf_reassemble() == PF_PASS && *m0 == NULL. I think, it is confusing a bit...
In any way, this is just a suggestion. (:

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the freebsd-pf mailing list