Date: Sat, 28 May 2016 21:40:22 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 207598] pf adds icmp unreach on gre/ipsec somehow Message-ID: <bug-207598-17777-fo1cSXlFJ5@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-207598-17777@https.bugs.freebsd.org/bugzilla/> References: <bug-207598-17777@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D207598 --- Comment #26 from Max <maximos@als.nnov.ru> --- Does it look reasonable? We should use consistent return values in pf_reassemble(), I think. --- pf_norm.c.orig 2016-05-28 23:40:52.171196000 +0300 +++ pf_norm.c 2016-05-28 23:50:39.912093000 +0300 @@ -623,7 +623,7 @@ pf_reassemble(struct mbuf **m0, struct i m =3D *m0 =3D NULL; if (!pf_isfull_fragment(frag)) - return (PF_PASS); /* drop because *m0 is NULL, no error */ + return (PF_DROP); /* We have all the data */ frent =3D TAILQ_FIRST(&frag->fr_queue); @@ -1284,8 +1284,6 @@ pf_normalize_ip(struct mbuf **m0, int di return (PF_DROP); m =3D *m0; - if (m =3D=3D NULL) - return (PF_DROP); /* use mtag from concatenated mbuf chain */ pd->pf_mtag =3D pf_find_mtag(m); IPv6 versions should be fixed too. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-207598-17777-fo1cSXlFJ5>