From owner-cvs-all Fri Oct 27 0:28:27 2000 Delivered-To: cvs-all@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 4D2E537B479; Fri, 27 Oct 2000 00:28:21 -0700 (PDT) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.0/8.11.0) id e9R7SIB18415; Fri, 27 Oct 2000 10:28:18 +0300 (EEST) (envelope-from ru) Date: Fri, 27 Oct 2000 10:28:18 +0300 From: Ruslan Ermilov To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet ip_fw.c Message-ID: <20001027102818.A18067@sunbay.com> Mail-Followup-To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org References: <200010270719.AAA80698@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200010270719.AAA80698@freefall.freebsd.org>; from ru@FreeBSD.org on Fri, Oct 27, 2000 at 12:19:20AM -0700 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, Oct 27, 2000 at 12:19:20AM -0700, Ruslan Ermilov wrote: > ru 2000/10/27 00:19:20 PDT > > Modified files: > sys/netinet ip_fw.c > Log: > Fetch the protocol header (TCP, UDP, ICMP) only from the first fragment > of IP datagram. This fixes the problem when firewall denied fragmented > packets whose last fragment was less than minimum protocol header size. > > Found by: Harti Brandt > PR: kern/22309 > The symptoms were: # ipfw l 65535 allow ip from any to any # ifconfig lo0 mtu 1500 # ping -c1 -s1472 127.1 (works) # ping -c1 -s1474 127.1 (works) # ping -c1 -s1473 127.1 (does not work) /kernel: ipfw: -1 Refuse ICMP 127.0.0.1 127.0.0.1 in via lo0 Fragment = 185 Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message