From owner-freebsd-current  Mon Apr  8 15:39:07 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id PAA08233
          for current-outgoing; Mon, 8 Apr 1996 15:39:07 -0700 (PDT)
Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id PAA08226
          for <current@freebsd.org>; Mon, 8 Apr 1996 15:39:04 -0700 (PDT)
Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <15490(7)>; Mon, 8 Apr 1996 15:38:15 PDT
Received: from localhost by crevenia.parc.xerox.com with SMTP id <177476>; Mon, 8 Apr 1996 15:38:09 -0700
To: Andreas Klemm <andreas@knobel.gun.de>
cc: current@freebsd.org
Subject: Re: rc.firewall has some syntax errors and sample config hangs machine 
In-reply-to: Your message of "Mon, 08 Apr 96 12:58:47 PDT."
             <Pine.BSF.3.92.960408215634.571B-100000@knobel.gun.de> 
Date: Mon, 8 Apr 1996 15:38:05 PDT
From: Bill Fenner <fenner@parc.xerox.com>
Message-Id: <96Apr8.153809pdt.177476@crevenia.parc.xerox.com>
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

The data path appears to me to be

	ip_input()

	->	ip_fw_chk()
		if the packet is bad, free it, either by calling icmp_error
		 or explicitly, and return 0
	if ip_fw_chk returned 0, goto bad

bad:
	free packet

e.g. ipfw seems to multiply free every bad packet on input.

I think the fix is change the "goto bad" to "return" in ip_input().
(and to test stuff with a DIAGNOSTIC kernel before committing it?)

  Bill