Date: Wed, 30 Aug 2000 06:32:40 +1000 (EST)
From: Darren Reed <darrenr@reed.wattle.id.au>
To: ru@FreeBSD.org (Ruslan Ermilov)
Cc: net@FreeBSD.org, wollman@FreeBSD.org, fenner@FreeBSD.org, darrenr@FreeBSD.org, kannanv@malgudi.research.bell-labs.com, volf@oasis.IAEhv.nl
Subject: Re: CFR: patch for ICMP error generation bugs
Message-ID: <200008292032.HAA19847@avalon.reed.wattle.id.au>
In-Reply-To: <20000829192913.A39253@sunbay.com> from Ruslan Ermilov at "Aug 29, 0 07:29:13 pm"

In some email I received from Ruslan Ermilov, sie wrote:
> Hi!
>
> There are at least two problem reports PR 16240 and PR 20877
> that this patch addresses. You can easily see yourself what
> gets wrong by monitoring ICMP error messages containing part
> of original datagram with `tcpdump -vvnx icmp' and comparing
> the original datagram with one in generated ICMP error. You
> will notice that sometimes fields are in host byte order, or
> TTL field is decremented.
>
> At least one case is not fixed by this patch -- in an IPFW
> based firewall, when we have a `unreach foo' rule matching
> `out'going packets, the ip_ttl field is still decremented.
[...]

1. I wouldn't remove the {}'s for the "ip (!ipstealth)" bit.
   This is more aesthetics some might argue :)

2. IMHO, "IPSTEALTH" should disappear. I understand why someone
   wants it but as a general "kernel option" I think it is right
   out of place. Let someone hack it into ipfw directly if they
   feel they desperately need it. But that's a separate issue.
   I'd not seen where it was/what it did until now. Anyone for
   changing FreeBSD's name to "HackBSD" ? ;-)

3. Your patch does fix up an imbalance on where HTONS()/NTOHS() -
   almost. ip_id should not be converted *back* to network byte
   order until the other fields are. This should get rid of your
   changes around the ipfw check in ip_output() ?

Darren

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
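
The comparison described in the quoted text (original datagram against the copy embedded in the ICMP error) can be automated; the following is an added example, not code from the thread or from FreeBSD. The function name, flag names and sample bytes are assumptions constructed for illustration, and IP options are not compared.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result bits: which quoted-header fields disagree with the original. */
enum { Q_LEN_SWAPPED = 1, Q_ID_SWAPPED = 2, Q_OFF_SWAPPED = 4,
       Q_TTL_CHANGED = 8, Q_MISMATCH = 16, Q_TRUNCATED = 32 };

/* Compare one 16-bit field at byte offset `off`; report a pure byte swap
 * (host order leaked onto the wire) separately from any other difference. */
static int cmp16(const uint8_t *o, const uint8_t *q, size_t off, int swapped)
{
    if (o[off] == q[off] && o[off + 1] == q[off + 1]) return 0;
    if (o[off] == q[off + 1] && o[off + 1] == q[off]) return swapped;
    return Q_MISMATCH;
}

/* orig: IPv4 header of the datagram as captured on the wire.
 * icmp: the ICMP error starting at its type byte (8-byte ICMP header,
 *       then the quoted IPv4 header). */
int check_quoted_header(const uint8_t *orig, size_t orig_len,
                        const uint8_t *icmp, size_t icmp_len)
{
    if (orig_len < 20 || icmp_len < 8 + 20) return Q_TRUNCATED;
    const uint8_t *q = icmp + 8;
    int r = cmp16(orig, q, 2, Q_LEN_SWAPPED)   /* ip_len */
          | cmp16(orig, q, 4, Q_ID_SWAPPED)    /* ip_id  */
          | cmp16(orig, q, 6, Q_OFF_SWAPPED);  /* ip_off */
    if (orig[8] != q[8]) r |= Q_TTL_CHANGED;   /* ip_ttl */
    if (orig[0] != q[0] || orig[9] != q[9] || memcmp(orig + 12, q + 12, 8))
        r |= Q_MISMATCH;                       /* version/IHL, proto, addresses */
    return r;
}

/* Constructed sample: 192.0.2.1 -> 198.51.100.7, UDP, len 84, id 0x1234, DF, TTL 64. */
const uint8_t sample_orig[20] = { 0x45,0x00, 0x00,0x54, 0x12,0x34, 0x40,0x00,
    0x40,0x11, 0x00,0x00, 192,0,2,1, 198,51,100,7 };
/* Constructed ICMP port-unreachable quoting it with ip_len/ip_id/ip_off
 * byte-swapped and TTL 63; checksums are left zero and not examined. */
const uint8_t sample_icmp[28] = { 0x03,0x03, 0x00,0x00, 0,0,0,0,
    0x45,0x00, 0x54,0x00, 0x34,0x12, 0x00,0x40,
    0x3f,0x11, 0x00,0x00, 192,0,2,1, 198,51,100,7 };

int main(void)
{
    printf("flags = 0x%02x\n", check_quoted_header(sample_orig, 20, sample_icmp, 28));
    return 0;
}
```

A field whose two bytes are equal (for example an ip_id of 0x0101) reads the same in either byte order, so a clean result on such a packet does not rule out the bug.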