Date:      Tue, 18 Feb 2003 16:09:54 -0600
From:      "Mark Johnston" <mjohnston@skyweb.ca>
To:        "'Brad Holman'" <brad@s4f.com>
Cc:        <freebsd-security@freebsd.org>
Subject:   Re: ipfw ecn issue(s)
Message-ID:  <002701c2d79a$77def0f0$be0fa8c0@MJOHNSTON>
In-Reply-To: <OIEGKLCBDIHAHPKEPAJDEECJCKAA.brad@s4f.com>


Brad Holman wrote:
> According to the REL notes for v5.0R
> (http://www.freebsd.org/releases/5.0R/DP1/relnotes-i386.html), there
> is a fix incorporated for the issue:
> 
> "ipfw(4) now filters correctly in the presence of ECN bits in TCP
> segments."
> 
> Is there a patch for version 4.x that can fix the problem without
> having to upgrade?

It looks like ipfw's ECN handling was fixed in 4-STABLE (and RELENG_3)
back in January 2001, with rev 1.131.2.11 to RELENG_4.  If you're using
STABLE (or any 4.x) from after January 2001, you should be OK.  You can
also tell that the bug fix was merged to 4.x by the "[MERGED]" text in
the release notes.

If you're running something older than January 2001, you may be able to
come up with your own patch; check 
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw.c, revision
1.131.2.11, for the changes.

Mark

