From owner-freebsd-current@FreeBSD.ORG Fri Apr 22 21:44:20 2005 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4A11416A4CE for ; Fri, 22 Apr 2005 21:44:20 +0000 (GMT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 00CBB43D2D for ; Fri, 22 Apr 2005 21:44:20 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id j3MLiI4x004255; Fri, 22 Apr 2005 14:44:18 -0700 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id j3MLiIJ4004254; Fri, 22 Apr 2005 14:44:18 -0700 Date: Fri, 22 Apr 2005 14:44:18 -0700 From: Brooks Davis To: Luigi Rizzo Message-ID: <20050422214418.GB11806@odin.ac.hmc.edu> References: <17001.9557.627987.505930@roam.psg.com> <17001.16520.774703.612151@roam.psg.com> <20050422112246.A70611@xorpc.icir.org> <17001.16764.512962.411616@roam.psg.com> <20050422115518.C70611@xorpc.icir.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="dc+cDN39EJAMEtIO" Content-Disposition: inline In-Reply-To: <20050422115518.C70611@xorpc.icir.org> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu cc: Randy Bush cc: FreeBSD Current Subject: Re: significant increase in ipfw pullup failed X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Apr 2005 21:44:20 -0000 --dc+cDN39EJAMEtIO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 22, 2005 at 11:55:18AM -0700, Luigi Rizzo wrote: > On Fri, Apr 22, 2005 at 08:25:00AM -1000, Randy Bush wrote: > > > wonder if it is related to the recent import of ipfw v6 support... > >=20 > > could be, no idea really. but fwiw, ipv6 is not enabled here. >=20 > yes but there is some new code in the common path. > anyways i have cc-ed Brooks who committed the code I suspect this is due to over agressive pullups of icmp packets (at least that's the most obvious place where the length changed) which are caused by poor design of the icmp struct. We're pulling up the full length and should instead be pulling up 4 bytes. I'm not sure what the best fix it. Long term, creating a struct icmphdr is probably the right answer. For now, the thing to do may be to add it and use it in ipfw, but not modify struct icmp just yet. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --dc+cDN39EJAMEtIO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCaXAxXY6L6fI4GtQRAnRaAKCE7ahNWiqco+zHtmSZOOGkXvrfDwCgqwCR b7ySf+Mw6ysvxaK2YuCtIWU= =75ub -----END PGP SIGNATURE----- --dc+cDN39EJAMEtIO--