The following reply was made to PR kern/36309; it has been noted by GNATS.

From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@NetBSD.org
Cc: ipf-bug-people@NetBSD.org, gnats-admin@NetBSD.org,
	netbsd-bugs@NetBSD.org
Subject: Re: kern/36309
Date: Mon, 28 May 2007 08:20:38 +0200

 On Sun, May 27, 2007 at 10:45:02PM +0000, Darren Reed wrote:
 
 >  If you replace them all with the same check as above, does it still
 >  work properly for you?
 
 I will try this.
 
 >  I'm a little bit surprised that you got away with just one...
 
 The second case fixes the ports inside the embedded TCP/UDP header.
 Judging from how NetBSD handles NEEDFRAG messages, this information
 is simply ignored. I'd guess that Linux (running on the internet
 host in my case), does the same.
 
 The third case seems to handle ICMP error messages to ICMP messages.
 Is that possible (except for ECHO) ? In case of ECHO I'd guess
 that the contents of the answer is ignored as well.
 
 But I think both checks should be corrected like the first one.
 
 Greetings,
 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."