From owner-freebsd-isp  Wed Mar 10 21:40:27 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7])
	by hub.freebsd.org (Postfix) with ESMTP id 9B92515064
	for <freebsd-isp@FreeBSD.ORG>; Wed, 10 Mar 1999 21:39:51 -0800 (PST)
	(envelope-from archie@whistle.com)
Received: (from archie@localhost)
	by bubba.whistle.com (8.9.2/8.9.2) id VAA93891;
	Wed, 10 Mar 1999 21:38:40 -0800 (PST)
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199903110538.VAA93891@bubba.whistle.com>
Subject: Re: fragmented packets
In-Reply-To: <Pine.BSF.4.01.9903101449160.5619-100000@velvet.sensation.net.au> from Rowan Crowe at "Mar 10, 99 03:01:14 pm"
To: rowan@sensation.net.au (Rowan Crowe)
Date: Wed, 10 Mar 1999 21:38:40 -0800 (PST)
Cc: freebsd-isp@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Rowan Crowe writes:
> Firstly, I'm not sure they're valid packets. Here's a small sample from
> tcpdump -vfi ppp0 host 209.1.224.16:
> 
> 14:48:45.993516 209.1.224.16.http > 203.20.114.3.timbuktu-srv3: FP 192316230:192317386(1156) ack 2204793872 win 8460 (frag 57245:1176@0+) (ttl 246)
> 14:48:46.011204 209.1.224.16 > 203.20.114.3: (frag 57245:149@1176) (ttl 246)
> 14:49:01.940357 209.1.224.16.http > 203.20.114.7.4366: FP 177375633:177376789(1156) ack 1825709182 win 9870 (frag 24914:1176@0+) (ttl 246)
> 14:49:01.948698 209.1.224.16 > 203.20.114.7: (frag 24914:53@1176) (ttl 246)
> 
> These packets are also blocked by ipfw, which reports junk port numbers:
> 
> ipfw: 5 Deny TCP 209.1.224.16:11 203.20.114.3:2818 in via ppp0 Fragment = 147
> ipfw: 5 Deny TCP 209.1.224.16:50213 203.20.114.3:30500 in via ppp0 Fragment = 147
> ipfw: 5 Deny TCP 209.1.224.16:11 203.20.114.3:2818 in via ppp0 Fragment = 147
> ipfw: 5 Deny TCP 209.1.224.16:18683 203.20.114.3:42890 in via ppp0 Fragment = 147

This was a bug in ipfw where it incorrectly tries to match port
numbers, etc. in fragments. Upgrade to 2.2.8 and the problem
should go away.

-Archie

> FreeBSD 2.2.5-RELEASE, ppp0 at the moment is an ISDN connection to Telstra
> Internet (australia).

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message