https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291527
--- Comment #2 from [email protected] ---
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=ac4fb06d096d6308b9522f454b68fbfc45bb8531

commit ac4fb06d096d6308b9522f454b68fbfc45bb8531
Author:     Kristof Provost <[email protected]>
AuthorDate: 2025-12-10 16:27:51 +0000
Commit:     Kristof Provost <[email protected]>
CommitDate: 2025-12-11 09:25:33 +0000

    pf: handle TTL expired during nat64

    If the TTL (or hop limit) expires during nat64 translation we may need
    to send the error message in the original address family (i.e.
    pre-translation). We'd usually handle this in pf_route()/pf_route6(),
    but at that point we have already translated the packet, making it
    difficult to include it in the generated ICMP message.

    Check for this case in pf_translate_af() and send icmp errors directly
    from it.

    PR:             291527
    MFC after:      2 weeks
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D54166

 sys/net/pfvar.h               |  1 -
 sys/netpfil/pf/pf.c           | 25 ++++++++++++++++++++-----
 tests/sys/netpfil/pf/nat64.py | 36 ++++++++++++++++++++++++++++++++++++
 3 files changed, 56 insertions(+), 6 deletions(-)
