This patch has been a while in my tree and I completely forgot it...

It moves the PF_GENERATED m_tag to the new packet in icmp_error.
This is needed because the pf code can call icmp_error with setting
this tag, but the new packet should not be filtered when it comes back
to pf(4).

Ok to commit?


Index: ip_icmp.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/ip_icmp.c,v
retrieving revision 1.99
diff -u -r1.99 ip_icmp.c
--- ip_icmp.c	29 Mar 2006 21:13:55 -0000	1.99
+++ ip_icmp.c	9 Jul 2006 12:22:09 -0000
@@ -232,6 +232,7 @@
 	unsigned oiplen = oip->ip_hl << 2;
 	struct icmp *icp;
 	struct mbuf *m;
+	struct m_tag *mtag;
 	unsigned icmplen, mblen;
 
 #ifdef ICMPPRINTFS
@@ -355,6 +356,12 @@
 	nip->ip_p = IPPROTO_ICMP;
 	nip->ip_src = oip->ip_src;
 	nip->ip_dst = oip->ip_dst;
+	/* move PF_GENERATED m_tag to new packet, if it exists */
+	mtag = m_tag_find(n, PACKET_TAG_PF_GENERATED, NULL);
+	if (mtag != NULL) {
+		m_tag_unlink(n, mtag);
+		m_tag_prepend(m, mtag);
+	}
 	icmp_reflect(m);
 
 freeit:

-- 
Peter Postma