Re: kern/52074: -current npf map directive broken

To: Roy Marples <roy%marples.name@localhost>, Robert Elz <kre%munnari.OZ.AU@localhost>, Frank Kardel <kardel%netbsd.org@localhost>
Subject: Re: kern/52074: -current npf map directive broken
From: christos%zoulas.com@localhost (Christos Zoulas)
Date: Wed, 10 May 2017 09:33:25 -0400

On May 10,  1:22pm, roy%marples.name@localhost (Roy Marples) wrote:
-- Subject: Re: kern/52074: -current npf map directive broken

| > You also shouldn't be able to send from an address you don't own
| > (generally - a router has to be able to forward, as distinct from
| > originate, packets from anywhere of course).
| 
| This is what my initial code did.
| What I'm more concerned about though is the panic.
| I think we should revert xtos's change and solve the panic, as this just
| masks over it.

This is not about fixing the panic. It is about the ability of the packet
filter to construct packets for which the origin interface cannot be
determined from the packet source address.

christos

References:
- Re: kern/52074: -current npf map directive broken
  - From: Roy Marples

Prev by Date: Re: kern/52074: -current npf map directive broken
Next by Date: Re: kern/52074: -current npf map directive broken
Previous by Thread: Re: kern/52074: -current npf map directive broken
Next by Thread: Re: kern/52074: -current npf map directive broken
Indexes:

Home | Main Index | Thread Index | Old Index