From owner-freebsd-current Thu Oct 26 7: 1:16 2000 Delivered-To: freebsd-current@freebsd.org Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14]) by hub.freebsd.org (Postfix) with ESMTP id E3B6537B479 for ; Thu, 26 Oct 2000 07:01:12 -0700 (PDT) Received: from beagle (beagle [193.175.132.100]) by mailhub.fokus.gmd.de (8.8.8/8.8.8) with ESMTP id QAA11332 for ; Thu, 26 Oct 2000 16:01:07 +0200 (MET DST) Date: Thu, 26 Oct 2000 16:01:07 +0200 (CEST) From: Harti Brandt To: current@freebsd.org Subject: Bug in ip_fw.c? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi, I stumbled over an interesting problem: the current kernel's NFS client code blocks when reading files of size 2828 byte over NFSv3 (see kern/22309). Today I tracked the problem down. It appears, that an IP packet cannot be reassembled, when the last fragment of it is from 1 to 7 bytes long. For some reason I have IP_FIREWALL and IP_FIREWALL_DEFAULT_TO_ACCEPT in my kernel config (well, the reason is, that I wanted to play with 'sting'). Although there is a comment in ip_fw.c that it is not a problem, when an incoming packet is a fragment with off!=0, it appears to be a problem, if the packet is too short to contain a UDP header. ip_fw insists on having an UDP header (around line 1002) and drops the packet as a bogus fragment, if it is too short for a header. I think, this is wrong. Because I'm not too firm with the firewall code, I have no fix. Regards, harti -- harti brandt, http://www.fokus.gmd.de/research/cc/cats/employees/hartmut.brandt/private brandt@fokus.gmd.de, harti@begemot.org, lhbrandt@mail.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message