https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207598
--- Comment #27 from Kristof Provost <[email protected]> --- (In reply to Max from comment #26) I think what we need to do is very carefully go through all the return paths in pf. There's basically three scenarios: * Accept packet (modified or not) => return PF_PASS *m0 is the mbuf * Reject the packet (i.e tell the stack it couldn't be sent) => return PF_DROP * Drop the packet (i.e. it vanishes, do not tell the stack it couldn't be sent) => return PF_PASS, *m0 is NULL. The pf_isfull_fragment() check needs to return PF_PASS (with *m0 == NULL), because the packet was just buffered until we have the full (reassembled) packet. It's not been rejected. The if (m == NULL) check is really required, because we do set *m0 to NULL during reassembly. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
