Date: Thu, 24 Apr 2003 04:20:14 -0700 (PDT) From: Maxim Konovalov <maxim@macomnet.ru> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/51341: ipfw rule 'deny icmp from any to any icmptype 5' matches fragmented icmp packets Message-ID: <200304241120.h3OBKECU042207@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/51341; it has been noted by GNATS. From: Maxim Konovalov <maxim@macomnet.ru> To: land@dnepr.net Cc: bug-followup@freebsd.org, luigi@freebsd.org Subject: Re: kern/51341: ipfw rule 'deny icmp from any to any icmptype 5' matches fragmented icmp packets Date: Thu, 24 Apr 2003 15:14:05 +0400 (MSD) Hello, Could you please test a patch below? Thanks. Index: sys/netinet/ip_fw.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v retrieving revision 1.131.2.39 diff -u -r1.131.2.39 ip_fw.c --- sys/netinet/ip_fw.c 20 Jan 2003 02:23:07 -0000 1.131.2.39 +++ sys/netinet/ip_fw.c 24 Apr 2003 11:12:02 -0000 @@ -1434,7 +1434,7 @@ struct icmp *icmp; if (offset != 0) /* Type isn't valid */ - break; + continue; icmp = (struct icmp *) ((u_int32_t *)ip + ip->ip_hl); if (!icmptype_match(icmp, f)) continue; %%% -- Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200304241120.h3OBKECU042207>