Date: Fri, 06 Sep 2024 15:42:20 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Message-ID: <bug-280701-7501-90FKc0N9R3@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-280701-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-280701-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #80 from doktornotor <doktornotor@mailinator.com> --- As for the technical input: here is another *downstream* issue [1] with pf debug log (i.e., set debug misc) getting flooded (300K+/day) with > pf: ICMP error message too short (ip6) from ND (NS/NA) packets. That *downstream* issue also surprisingly goes away [2] when reverting [3] *all* those *upstream* patches related to FreeBSD-SA-24:05. Hmmmm... [1] https://github.com/opnsense/core/issues/7840 [2] https://forum.opnsense.org/index.php?topic=3D42632.msg211600#msg211600 [3] https://github.com/opnsense/src/commit/164bfe67604 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-280701-7501-90FKc0N9R3>