https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207598
--- Comment #19 from Max <[email protected]> ---

I've never read FreeBSD sources, except pf's last week... probably I'm wrong.

ip_input()->ip_forward()->ip_output()->ip_output_pfil()->pfil_run_hooks()->pf_test().

If ip_output() returns any error, then in ip_forward():

    error = ip_output(...);
    ...
    switch (error) {
    case 0:         /* forwarded, but need redirect */
        /* type, code set above */
        break;
    ...
    default:
        type = ICMP_UNREACH;
        code = ICMP_UNREACH_HOST;
        break;
    ...
    icmp_error(...);

So, we have an incoming fragment of an echo request. There are two options:

1. pf returns PF_PASS -> ip_output() returns 0 -> everything is OK
2. pf returns PF_DROP -> ip_output() returns a nonzero value -> we have an icmp-unreach message.

pf returns PF_DROP when we have (implicit) "scrub out on...".

Please correct me if I am missing something.

--
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
