Unfortunately pfctl references them if it sees ICMP_PHOTURIS defined. A quick search for these does show a lot of use out there between *BSD, linux, etc.
And http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xml#icmp-parameters-codes-40 shows a few more even and RFC2521 seems to be defining all of this. BTW: What happens if icmp_error gets something above ICMP_MAX_TYPE in? It appears we hard panic: if ((u_int)type > ICMP_MAXTYPE) panic("icmp_error"); James On Fri, Dec 23, 2011 at 2:12 PM, Christos Zoulas <chris...@astron.com> wrote: > In article <20111223220300.9e70b17...@cvs.netbsd.org>, > James Chacon <source-changes-d@NetBSD.org> wrote: >>-=-=-=-=-=- >> >> #define ICMP_PHOTURIS 40 /* security */ >>+#define ICMP_PHOTURIS_UNKNOWN_INDEX 1 /* Bad index */ >>+#define ICMP_PHOTURIS_AUTH_FAILED 2 /* Auth failed >>*/ >>+#define ICMP_PHOTURIS_DECRYPT_FAILED 3 /* Decrypt >>failed */ >> > > I don't know where ip_compat.h got these from, but they are wrong according > to the IANA assigment, and this is why I did not copy them. > > http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xml#icmp-parameters-codes-40 > > christos >