Date: Sun, 29 May 2016 09:14:13 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 207598] pf adds icmp unreach on gre/ipsec somehow Message-ID: <bug-207598-17777-v7TF2lc2p9@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-207598-17777@https.bugs.freebsd.org/bugzilla/> References: <bug-207598-17777@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207598 --- Comment #28 from Max <maximos@als.nnov.ru> --- (In reply to Kristof Provost from comment #27) Hello, Kristof. Thank you for your reply. I understand the logic of current implementation of pf_reassemble(). But it does not return a value directly to network stack. I think it could return PF_PASS only in single case: the packet is fully reassembled. Instead, pf_normalize_ip() does it: immediately returns PF_DROP if pf_reassemble() == PF_PASS && *m0 == NULL. I think, it is confusing a bit... In any way, this is just a suggestion. (: -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-207598-17777-v7TF2lc2p9>