[Bug 207087] kernel: r295285 in 10.2-STABLE breaks OpenVPN functionality
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Feb 16 14:42:50 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207087
--- Comment #38 from g_amanakis at yahoo.com ---
I think the problem lies here:
=======8<========
ip_fastfwd.c
if (ip_off & IP_DF) {
IPSTAT_INC(ips_cantfrag);
icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG,
0, mtu);
goto consumed;
} else {
=======8<========
By the time the icmp_error() happens, m has gone through the firewall (see
"Step 5:" in ip_fastfwd.c, meaning that outgoing NAT has already happened and
that the source address of has already been changed to reflect the one of the
gateway. Thus when the icmp_error() takes place the ICMP is not sent to the
client.
Is this correct?
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-net
mailing list