From owner-freebsd-pf@FreeBSD.ORG Sun Mar 13 01:08:38 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D1B7D16A4CE for ; Sun, 13 Mar 2005 01:08:38 +0000 (GMT) Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id BD20C43D46 for ; Sun, 13 Mar 2005 01:08:37 +0000 (GMT) (envelope-from emanuel.strobl@gmx.net) Received: (qmail invoked by alias); 13 Mar 2005 01:08:36 -0000 Received: from flb.schmalzbauer.de (EHLO cale.flintsbach.schmalzbauer.de) (62.245.232.135) by mail.gmx.net (mp016) with SMTP; 13 Mar 2005 02:08:36 +0100 X-Authenticated: #301138 From: Emanuel Strobl To: pyunyh@gmail.com Date: Sun, 13 Mar 2005 02:08:23 +0100 User-Agent: KMail/1.7.2 References: <20050212061756.GF4769@kt-is.co.kr> <200503111712.36310@harrymail> <20050312050722.GC60892@kt-is.co.kr> In-Reply-To: <20050312050722.GC60892@kt-is.co.kr> X-Birthday: 10/06/72 X-CelPhone: +49 173 9967781 X-Tel: +49 89 18947781 X-Country: Germany X-Address: Munich, 80686 X-OS: FreeBSD MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart7725314.xNGYgLQoxG"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200503130208.28574@harrymail> X-Y-GMX-Trusted: 0 cc: pf@freebsd.org Subject: Re: pf panic trace X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Mar 2005 01:08:38 -0000 --nextPart7725314.xNGYgLQoxG Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Am Samstag, 12. M=E4rz 2005 06:07 schrieb Pyun YongHyeon: > On Fri, Mar 11, 2005 at 05:12:31PM +0100, Emanuel Strobl wrote: [...] > Hmm, Max and I had seen these kind of traces when pf porting > was in progress. But now I believe we fixed all possible > cases. > > I can't sure but your trace indicates there is a bug in > ip_fragment(). If a packet already set IP_MF flag in ip header, > we would get invalid ip_off in fragmented packet. > And it seems that there is another bug in pf. Since ip_fragment() > can change passed mbuf, we should not use saved copy of it. > Untested patch for CURRENT attached. Thank you very much for your work, unfortnately the box went in prodction=20 (authoritive Nameserver, Multihomed-Router) last week, so I can't do very=20 much testings because when nobody is in the office I can't reset the box, a= nd=20 if someone is there I can't take it down :( If the patch compiles on RELENG_5 I'll test it on monday evening. Thank you, =2DHarry --nextPart7725314.xNGYgLQoxG Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBCM5KMBylq0S4AzzwRAnhZAJ0ZoOivoKrYxKP4PjlJunC07mx87QCff7MG ZbQVyb4GvsqPn4C5RorAwos= =Cfdg -----END PGP SIGNATURE----- --nextPart7725314.xNGYgLQoxG--