On Jul 10, 2007, at 8:45 AM, Greg Troxel wrote:
> gdb on netbsd-4 didn't like that info line command, but I compiled  
> fil.o
> with -S and matched up assembly and read the stabs and the offending
> line is:
>
> 			ip6 = (ip6_t *)((char *)icmp6 + ICMPERR_ICMPHLEN);
> 			if (IP6_NEQ(&fin->fin_fi.fi_dst,
> 				    (i6addr_t *)&ip6->ip6_src))
> 				fin->fin_flx |= FI_BAD;
>
> So I think it is faulting fetching the ip6 address from the  
> enclosed packet.

   Ahh!  Apologies for introducing myself into this conversation into  
the middle, but I recognized this.  :-)  There was a conversation  
about this on the IPFilter mailing list June 6-7 of 2007.  A pointer  
to the first message in the thread is:

http://marc.info/?l=ipfilter&m=118110355014240&w=2

   I don't know that it was ever concluded what the problem was, but  
Darren (and I) thought it sounded like an erroneous optimization by  
the compiler, rather than an error in the code.  Unclear whether the  
source of the data in that packet (ip6) would be easy (or possible)  
to manually align.  That is a question I'll leave to someone who  
knows the code much better.  :-)

                              - Chris