Date: 4 May 2000 08:14:27 -0000 From: blaze@sl.ru To: FreeBSD-gnats-submit@freebsd.org Subject: kern/18382: ICMP unreachable sent when ipfw drops packet Message-ID: <20000504081427.19587.qmail@auth.sl.ru>
next in thread | raw e-mail | index | archive | help
>Number: 18382
>Category: kern
>Synopsis: ICMP unreachable sent when ipfw drops packet
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu May 4 01:20:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Andrey Sverdlichenko
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
Any 5.0-CURRENT with INET and IPFILTER enabled.
>Description:
When IP packet dropped by ipfw on second call of ip_fw_chk(), ip_forward()
sends ICMP unreachable packet. This causes 2 ICMP packets sent if matched
rule was `unreach'. And if rule was `deny' it should just drop packet,
without notifying sender.
>How-To-Repeat:
On router:
ipfw add unreach 1 ip from your.host to other.host out
On your.host ping other.host and see tcpdump
>Fix:
--- ip_input.c.old Mon Mar 27 23:14:21 2000
+++ ip_input.c Wed May 3 21:03:11 2000
@@ -1561,6 +1561,10 @@
return;
}
}
+ if (error == EACCES) {
+ m_freem(mcopy);
+ mcopy = NULL;
+ }
if (mcopy == NULL)
return;
destifp = NULL;
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000504081427.19587.qmail>