Date: Thu, 4 Sep 1997 17:15:21 +0200 (CEST)
From: root@deadline.snafu.de (Andreas S. Wetzel)
To: rbezuide@oskar.nanoteq.co.za (Reinier Bezuidenhout)
Cc: mickey@deadline.snafu.de, bugs@FreeBSD.ORG
Subject: Re: Bug in IPFW code ?
Message-ID: <m0x6dcv-000Br6C@deadline.snafu.de>
In-Reply-To: <199709041511.RAA11819@oskar.nanoteq.co.za> from Reinier Bezuidenhout at "Sep 4, 97 05:11:06 pm"
Hi!
---
Reinier Bezuidenhout writes:
] > 230 Deny log udp from any to 194.121.229.32/28 111 via sl0
] >
] > This rule should drop udp packets to the sunrpc port coming in via interface
] > sl0. But instead it seems to deny random udp traffic to my network:
] >
] > Sep 4 16:13:09 gw-deadnet : /kernel: ipfw: 230 Deny UDP 130.83.22.1:17993 194.121.229.34:17732 in via sl0 Fragment = 123
]
] Yes, I have also experienced this problem; it has to do - as far as I
] can recall - with the sequence of how the check is done in ip_fw.c ...
]
] The fragments after the first one don't have the ports etc. set any
] more, but some checks are still performed and sometimes they match
] and cause this to happen.
]
] A temporary solution is to set the MTU for the slip line to 1500
] (this may degrade throughput if you have a shaky line - I think) but
] seemed to solve the problem for now.

I will check this, although I think on a 33k6 analogue line this will
be some sort of ugly :-/

] You are running a 2.1.X release, probably 2.1.7, right ??? I had a look
] at the filtering code in 2.2 and the sequence of checks has changed
] there and "should" solve this kind of problem.

This is happening on a 3.0-current box as of 08/30/97.

Regards, Mickey
--
(__)
(@@) Andreas S. Wetzel Mail: mickey@deadline.snafu.de
/-------\/ Utrechter Strasse 41 Web: http://cenotaph.snafu.de/
/ | || 13347 Berlin Fon: <+4930> 456 066 90
* ||----|| Germany Fax: <+4930> 456 066 91/92
~~ ~~
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m0x6dcv-000Br6C>
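
The fragment problem discussed in this thread, as an added example that is not part of the original e-mail and is not taken from ip_fw.c: a simplified model of rule 230 showing how a port check applied to a non-first fragment reads payload bytes as ports. The function names, the 24-byte constructed packets and the policy of not applying a port rule to later fragments are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of rule 230: udp to 194.121.229.32/28, destination port 111. */
#define RULE_NET  0xC279E520u  /* 194.121.229.32 */
#define RULE_MASK 0xFFFFFFF0u  /* /28 */
#define RULE_PORT 111u

static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Naive check: treats whatever follows the IP header as a UDP header. */
int match_naive(const uint8_t *pkt, size_t len) {
    if (len < 20) return 0;
    size_t hl = (size_t)(pkt[0] & 0x0F) * 4;
    if (hl < 20 || len < hl + 4 || pkt[9] != 17) return 0;
    if ((be32(pkt + 16) & RULE_MASK) != RULE_NET) return 0;
    return be16(pkt + hl + 2) == RULE_PORT;
}

/* Fragment-aware check: only the fragment at offset 0 carries the UDP header,
   so a port rule is not applied to later fragments (assumed policy). */
int match_frag_aware(const uint8_t *pkt, size_t len) {
    if (len < 20) return 0;
    if ((be16(pkt + 6) & 0x1FFF) != 0) return 0;  /* payload bytes, not ports */
    return match_naive(pkt, len);
}

/* Constructed sample: 24-byte IPv4/UDP packet to 194.121.229.34 with the given
   fragment offset and the four bytes that follow the IP header. */
void make_pkt(uint8_t pkt[24], unsigned frag_off, const uint8_t first4[4]) {
    memset(pkt, 0, 24);
    pkt[0] = 0x45; pkt[9] = 17;
    pkt[6] = (uint8_t)((frag_off >> 8) & 0x1F); pkt[7] = (uint8_t)(frag_off & 0xFF);
    pkt[16] = 194; pkt[17] = 121; pkt[18] = 229; pkt[19] = 34;
    memcpy(pkt + 20, first4, 4);
}

int main(void) {
    static const uint8_t rpc[4] = {0x46, 0x49, 0x00, 0x6F};  /* dst port 111 */
    uint8_t pkt[24];
    make_pkt(pkt, 0, rpc);    /* first fragment: real UDP header */
    printf("offset 0:   naive=%d aware=%d\n", match_naive(pkt, 24), match_frag_aware(pkt, 24));
    make_pkt(pkt, 123, rpc);  /* later fragment: same bytes are payload */
    printf("offset 123: naive=%d aware=%d\n", match_naive(pkt, 24), match_frag_aware(pkt, 24));
    return 0;
}
```

The naive check reports a match for the later fragment only because its payload happens to contain 0x006F where a destination port would sit; the fragment-aware check leaves that fragment to other rules.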
