From owner-freebsd-bugs Thu Sep 4 08:15:35 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.7/8.8.7) id IAA04536
    for bugs-outgoing; Thu, 4 Sep 1997 08:15:35 -0700 (PDT)
Received: from cenotaph.snafu.de (gw-deadnet.snafu.de [194.121.229.33])
    by hub.freebsd.org (8.8.7/8.8.7) with SMTP id IAA04531
    for ; Thu, 4 Sep 1997 08:15:31 -0700 (PDT)
Received: by cenotaph.snafu.de from deadline.snafu.de using smtp
    id m0x6dcw-000340C; Thu, 4 Sep 1997 17:15:22 +0200 (CEST)
    (Smail-3.2.0.96 1997-Jun-2 #1)
Received: by deadline.snafu.de
    id m0x6dcv-000Br6C; Thu, 4 Sep 1997 17:15:21 +0200 (CEST)
    (Smail-3.2.0.96 1997-Jun-2 #1)
Message-Id:
From: root@deadline.snafu.de (Andreas S. Wetzel)
Subject: Re: Bug in IPFW code ?
To: rbezuide@oskar.nanoteq.co.za (Reinier Bezuidenhout)
Date: Thu, 4 Sep 1997 17:15:21 +0200 (CEST)
Cc: mickey@deadline.snafu.de, bugs@FreeBSD.ORG
In-Reply-To: <199709041511.RAA11819@oskar.nanoteq.co.za> from Reinier Bezuidenhout at "Sep 4, 97 05:11:06 pm"
Organization: A world stranger than you have ever imagined.
X-Mailer: ELM [version 2.4ME+ PL13]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Hi!

--- Reinier Bezuidenhout writes:
] > 230 Deny log udp from any to 194.121.229.32/28 111 via sl0
] >
] > This rule should drop udp packets to the sunrpc port coming in via interface
] > sl0. But instead it seems to deny random udp traffic to my network:
] >
] > Sep 4 16:13:09 gw-deadnet : /kernel: ipfw: 230 Deny UDP 130.83.22.1:17993 194.121.229.34:17732 in via sl0 Fragment = 123
]
] Yes I also have experienced this problem, it has to do - as far as I
] can recall - with the sequence of how the check is done in ip_fw.c ...
]
] The fragments after the first one don't have the ports etc set any
] more, but some checks are still performed and sometimes they match
] and cause this to happen.
]
] A temporary solution is to set the MTU for the slip line to 1500
] (this may degrade throughput if you have a shaky line - I think) but
] seemed to solve the problem for now.

I will check this, although I think on a 33k6 analogue line this will be
some sort of ugly :-/

] You are running a 2.1.X release, probably 2.1.7 right ??? I had a look
] at the filtering code in 2.2 and the sequence of checks has changed
] there and "should" solve this kind of problem.

This is happening on a 3.0-current box as of 08/30/97.

Regards, Mickey

-- 
   (__)
   (@@)        Andreas S. Wetzel       Mail: mickey@deadline.snafu.de
  /-------\/   Utrechter Strasse 41    Web:  http://cenotaph.snafu.de/
 / |     ||    13347 Berlin            Fon:  <+4930> 456 066 90
*  ||----||    Germany                 Fax:  <+4930> 456 066 91/92
   ~~    ~~
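
Added example, not part of the original message and not code from ip_fw.c: a minimal C sketch of the failure class described in the quoted reply, where a port rule is evaluated against a non-first fragment that carries no UDP header. The function names, the two packets and their addresses are constructed for illustration; the fragment-aware variant assumes the policy that a port rule never matches a fragment with a non-zero offset.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed IPv4/UDP packets (checksums left zero, not validated here). */
/* First fragment: offset 0, MF set, real UDP header with dport 111. */
const uint8_t first_frag[] = {
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x20,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc6,0x33,0x64,0x02,
    0x04,0x00,0x00,0x6f, 0x00,0x08,0x00,0x00 };
/* Later fragment: offset 123, payload bytes that happen to read as 111. */
const uint8_t later_frag[] = {
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x7b, 0x40,0x11,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc6,0x33,0x64,0x02,
    0x41,0x42,0x00,0x6f, 0x43,0x44,0x45,0x46 };

/* Fragment offset in 8-byte units: low 13 bits of header bytes 6-7. */
unsigned frag_offset(const uint8_t *ip) {
    return ((unsigned)(ip[6] & 0x1f) << 8) | ip[7];
}

/* Shared parse: returns the 16-bit value at the UDP dport position, or -1. */
static int word_at_dport(const uint8_t *ip, size_t len) {
    if (len < 20) return -1;
    size_t hlen = (size_t)(ip[0] & 0x0f) * 4;        /* IHL in bytes */
    if (hlen < 20 || len < hlen + 4 || ip[9] != 17) return -1; /* 17 = UDP */
    return (ip[hlen + 2] << 8) | ip[hlen + 3];
}

/* Naive rule check: trusts the "port" bytes of every UDP packet. */
int naive_match_dport(const uint8_t *ip, size_t len, unsigned port) {
    return word_at_dport(ip, len) == (int)port;
}

/* Fragment-aware check: only offset 0 carries a UDP header, so a port
 * rule is never evaluated against a later fragment's payload. */
int frag_aware_match_dport(const uint8_t *ip, size_t len, unsigned port) {
    if (len < 20 || frag_offset(ip) != 0) return 0;
    return word_at_dport(ip, len) == (int)port;
}

int main(void) {
    printf("first: naive=%d aware=%d\n",
           naive_match_dport(first_frag, sizeof first_frag, 111),
           frag_aware_match_dport(first_frag, sizeof first_frag, 111));
    printf("later: naive=%d aware=%d\n",
           naive_match_dport(later_frag, sizeof later_frag, 111),
           frag_aware_match_dport(later_frag, sizeof later_frag, 111));
    return 0;
}
```

The naive check matches both packets, so the later fragment is a false positive for the port 111 rule; the fragment-aware check matches only the first fragment.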