From owner-freebsd-bugs@FreeBSD.ORG  Thu Apr 24 04:20:15 2003
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 21CCA37B401
	for <freebsd-bugs@hub.freebsd.org>;
	Thu, 24 Apr 2003 04:20:15 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 81EE443F93
	for <freebsd-bugs@hub.freebsd.org>;
	Thu, 24 Apr 2003 04:20:14 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h3OBKEUp042210
	for <freebsd-bugs@freefall.freebsd.org>;
	Thu, 24 Apr 2003 04:20:14 -0700 (PDT)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h3OBKECU042207;
	Thu, 24 Apr 2003 04:20:14 -0700 (PDT)
Date: Thu, 24 Apr 2003 04:20:14 -0700 (PDT)
Message-Id: <200304241120.h3OBKECU042207@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Maxim Konovalov <maxim@macomnet.ru>
Subject: Re: kern/51341: ipfw rule 'deny icmp from any to any icmptype 5'
 matches fragmented icmp packets
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Maxim Konovalov <maxim@macomnet.ru>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Apr 2003 11:20:16 -0000

The following reply was made to PR kern/51341; it has been noted by GNATS.

From: Maxim Konovalov <maxim@macomnet.ru>
To: land@dnepr.net
Cc: bug-followup@freebsd.org, luigi@freebsd.org
Subject: Re: kern/51341: ipfw rule 'deny icmp from any to any icmptype 5'
 matches fragmented icmp packets
Date: Thu, 24 Apr 2003 15:14:05 +0400 (MSD)

 Hello,
 
 Could you please test a patch below? Thanks.
 
 Index: sys/netinet/ip_fw.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v
 retrieving revision 1.131.2.39
 diff -u -r1.131.2.39 ip_fw.c
 --- sys/netinet/ip_fw.c	20 Jan 2003 02:23:07 -0000	1.131.2.39
 +++ sys/netinet/ip_fw.c	24 Apr 2003 11:12:02 -0000
 @@ -1434,7 +1434,7 @@
  			struct icmp *icmp;
 
  			if (offset != 0)	/* Type isn't valid */
 -				break;
 +				continue;
  			icmp = (struct icmp *) ((u_int32_t *)ip + ip->ip_hl);
  			if (!icmptype_match(icmp, f))
  				continue;
 
 %%%
 
 -- 
 Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org