https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284866
--- Comment #3 from commit-h...@freebsd.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=86f2641b99f01eb8e8191c4435f22c17433b0c2f commit 86f2641b99f01eb8e8191c4435f22c17433b0c2f Author: Kristof Provost <k...@freebsd.org> AuthorDate: 2025-02-19 12:28:33 +0000 Commit: Kristof Provost <k...@freebsd.org> CommitDate: 2025-02-19 13:34:45 +0000 pf: fix icmp-in-icmp handling with if-bound states When we receive an ICMP packet containing another ICMP packet we look up the original ICMP state. This is done through a second struct pf_pdesc ('pd2'), containing relevant information (i.e. addresses, type, id, ..). pd2 did not contain the network interface ('kif'), leading to state lookup failures. This only affected if-bound mode, because floating states match all interfaces. Set kif in pd2. Extend the icmp.py:test_fragmentation_needed test case to use if-bound mode. It already checked that we handled icmp-in-icmp correctly. PR: 284866 MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") sys/netpfil/pf/pf.c | 1 + tests/sys/netpfil/pf/icmp.py | 1 + 2 files changed, 2 insertions(+) -- You are receiving this mail because: You are the assignee for the bug.
