Date: Sat, 28 May 2016 11:17:13 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 207598] pf adds icmp unreach on gre/ipsec somehow Message-ID: <bug-207598-17777-EJJQQ5QpWN@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-207598-17777@https.bugs.freebsd.org/bugzilla/> References: <bug-207598-17777@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D207598 --- Comment #20 from Kristof Provost <kp@freebsd.org> --- Created attachment 170747 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D170747&action= =3Dedit pf_frag_pass patch (In reply to Max from comment #19) You may be on to something there. pf_reassemble() actually returns PF_PASS, but it's turned back into PF_DROP later on. It actually looks like this'd be a problem for IPv6 too. Can you give the attached patch a try? I'm not completely happy with it, bu= t it should fix the problem. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-207598-17777-EJJQQ5QpWN>