i've decided to rewrite the description to faciliate the review
process.
currently icmp6->icmp translation fails because of the incorrect
"icmp direction" check in pf_icmp_state_lookup. first of all it
checks all icmp packets except for the "echo reply". the reasons
for this are unknown. it wor
still looking for ok's for this version of the diff.
although i've got mcbride's and claudio's oks for the
older version, this is the one i consider correct.
On Fri, Oct 28, 2011 at 3:59 PM, Mike Belopuhov wrote:
> hi,
>
> icmp6->icmp translation does't work because of the strange "icmp direction
pfctl should not infer the af-to behavior from the af/naf
difference. instead, we should be clear that this is an
af-to rule. essentially this diff converts FOM_AFTO marker
into a rule flag PFRULE_AFTO so that we don't rely on
ambiguous checks (like r->af != r->naf) when setting things up.
also,
gt;
> - Marc Balmer
>
>
> Von: Max Laier
> Datum: 20. August 2009 17:33:24 GMT+02:00
> An: tech@openbsd.org
> Betreff: Fwd: PF fix.
>
>
> The problem Pawel discovered (s.b.) still exists in OpenBSD current.
> I sent
> Pawel's analysis to Henning and Ryan yes
Max Laier has problems getting Email through the OpenBSD MX, so I am
forwarding this for him.
- Marc Balmer
Von: Max Laier
Datum: 20. August 2009 17:33:24 GMT+02:00
An: tech@openbsd.org
Betreff: Fwd: PF fix.
The problem Pawel discovered (s.b.) still exists in OpenBSD current.
I sent
