Subject: Re: fix m_tag for PF_GENERATED packets in icmp_error
To: None <tech-net@netbsd.org>
From: Christos Zoulas <christos@astron.com>
List: tech-net
Date: 07/09/2006 18:11:08
In article <20060709165010.GB293@beta.martani.repy.czf>,
Pavel Cahyna  <pavel@NetBSD.org> wrote:
>On Sun, Jul 09, 2006 at 04:17:11PM +0200, Peter Postma wrote:
>> This patch has been a while in my tree and I completely forgot it...
>> 
>> It moves the PF_GENERATED m_tag to the new packet in icmp_error.
>> This is needed because the pf code can call icmp_error with setting
>> this tag, but the new packet should not be filtered when it comes back
>> to pf(4).
>
>To me, introducing pf-specific code outside dist/pf looks like an
>abstraction violation.

PF_GENERATED means generated by "a" packet filter, not necessarily "pf".

christos