Date: Thu, 26 Oct 2000 16:01:07 +0200 (CEST) From: Harti Brandt <brandt@fokus.gmd.de> To: current@freebsd.org Subject: Bug in ip_fw.c? Message-ID: <Pine.BSF.4.21.0010261541360.338-100000@beagle.fokus.gmd.de>
next in thread | raw e-mail | index | archive | help
Hi, I stumbled over an interesting problem: the current kernel's NFS client code blocks when reading files of size 2828 byte over NFSv3 (see kern/22309). Today I tracked the problem down. It appears, that an IP packet cannot be reassembled, when the last fragment of it is from 1 to 7 bytes long. For some reason I have IP_FIREWALL and IP_FIREWALL_DEFAULT_TO_ACCEPT in my kernel config (well, the reason is, that I wanted to play with 'sting'). Although there is a comment in ip_fw.c that it is not a problem, when an incoming packet is a fragment with off!=0, it appears to be a problem, if the packet is too short to contain a UDP header. ip_fw insists on having an UDP header (around line 1002) and drops the packet as a bogus fragment, if it is too short for a header. I think, this is wrong. Because I'm not too firm with the firewall code, I have no fix. Regards, harti -- harti brandt, http://www.fokus.gmd.de/research/cc/cats/employees/hartmut.brandt/private brandt@fokus.gmd.de, harti@begemot.org, lhbrandt@mail.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010261541360.338-100000>