Date: Mon, 8 Apr 1996 15:38:05 PDT From: Bill Fenner <fenner@parc.xerox.com> To: Andreas Klemm <andreas@knobel.gun.de> Cc: current@freebsd.org Subject: Re: rc.firewall has some syntax errors and sample config hangs machine Message-ID: <96Apr8.153809pdt.177476@crevenia.parc.xerox.com> In-Reply-To: Your message of "Mon, 08 Apr 96 12:58:47 PDT." <Pine.BSF.3.92.960408215634.571B-100000@knobel.gun.de>
next in thread | previous in thread | raw e-mail | index | archive | help
The data path appears to me to be ip_input() -> ip_fw_chk() if the packet is bad, free it, either by calling icmp_error or explicitly, and return 0 if ip_fw_chk returned 0, goto bad bad: free packet e.g. ipfw seems to multiply free every bad packet on input. I think the fix is change the "goto bad" to "return" in ip_input(). (and to test stuff with a DIAGNOSTIC kernel before committing it?) Bill
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?96Apr8.153809pdt.177476>