Date: Sun, 13 Mar 2005 02:08:23 +0100 From: Emanuel Strobl <emanuel.strobl@gmx.net> To: pyunyh@gmail.com Cc: pf@freebsd.org Subject: Re: pf panic trace Message-ID: <200503130208.28574@harrymail> In-Reply-To: <20050312050722.GC60892@kt-is.co.kr> References: <20050212061756.GF4769@kt-is.co.kr> <200503111712.36310@harrymail> <20050312050722.GC60892@kt-is.co.kr>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart7725314.xNGYgLQoxG Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Am Samstag, 12. M=E4rz 2005 06:07 schrieb Pyun YongHyeon: > On Fri, Mar 11, 2005 at 05:12:31PM +0100, Emanuel Strobl wrote: [...] > Hmm, Max and I had seen these kind of traces when pf porting > was in progress. But now I believe we fixed all possible > cases. > > I can't sure but your trace indicates there is a bug in > ip_fragment(). If a packet already set IP_MF flag in ip header, > we would get invalid ip_off in fragmented packet. > And it seems that there is another bug in pf. Since ip_fragment() > can change passed mbuf, we should not use saved copy of it. > Untested patch for CURRENT attached. Thank you very much for your work, unfortnately the box went in prodction=20 (authoritive Nameserver, Multihomed-Router) last week, so I can't do very=20 much testings because when nobody is in the office I can't reset the box, a= nd=20 if someone is there I can't take it down :( If the patch compiles on RELENG_5 I'll test it on monday evening. Thank you, =2DHarry --nextPart7725314.xNGYgLQoxG Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBCM5KMBylq0S4AzzwRAnhZAJ0ZoOivoKrYxKP4PjlJunC07mx87QCff7MG ZbQVyb4GvsqPn4C5RorAwos= =Cfdg -----END PGP SIGNATURE----- --nextPart7725314.xNGYgLQoxG--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503130208.28574>