* Ian Grant <ian.a.n.gr...@googlemail.com> [2014-10-25 18:15]:
> #ifdef INET6
> /* if reassembled packet passed, create new fragments */
> if (pf_status.reass && action == PF_PASS && *m0 && fwdir == PF_FWD) {
> struct m_tag *mtag;
>
> if ((mtag = m_tag_find(*m0, PACKET_TAG_PF_REASSEMBLED, NULL)))
> action = pf_refragment6(m0, mtag, fwdir);
> }
> #endif
>
> But from pf.c, the fn pf_test is only ever called with fwdir == PF_OUT
> and the only other places from which it is called are in if_bridge.c,
> and they set fwdir to either PF_OUT or PF_IN (aliased as BRIDGE_OUT
> and BRIDGE_IN respectively, when PF is enabled). Therefore fwdir ==
> PF_FWD never holds, and so reassembled IPv6 packets are never
> refragmented, contradicting the manual page pf.conf(5).
you need to improve your grepping skills :)
netinet6/ip6_forward.c:348: pf_test(AF_INET6, PF_FWD, encif,
&m, NULL) != PF_PASS) {
netinet6/ip6_forward.c:459: if (pf_test(AF_INET6, PF_FWD, rt->rt_ifp, &m,
NULL) != PF_PASS) {
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
