Date: Fri, 27 Oct 2000 10:28:18 +0300
From: Ruslan Ermilov <ru@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_fw.c
Message-ID: <20001027102818.A18067@sunbay.com>
In-Reply-To: <200010270719.AAA80698@freefall.freebsd.org>; from ru@FreeBSD.org on Fri, Oct 27, 2000 at 12:19:20AM -0700
References: <200010270719.AAA80698@freefall.freebsd.org>

On Fri, Oct 27, 2000 at 12:19:20AM -0700, Ruslan Ermilov wrote:
> ru          2000/10/27 00:19:20 PDT
>
>   Modified files:
>     sys/netinet          ip_fw.c
>   Log:
>   Fetch the protocol header (TCP, UDP, ICMP) only from the first fragment
>   of IP datagram.  This fixes the problem when firewall denied fragmented
>   packets whose last fragment was less than minimum protocol header size.
>
>   Found by:    Harti Brandt <brandt@fokus.gmd.de>
>   PR:          kern/22309
>

The symptoms were:

# ipfw l
65535 allow ip from any to any
# ifconfig lo0 mtu 1500
# ping -c1 -s1472 127.1 (works)
# ping -c1 -s1474 127.1 (works)
# ping -c1 -s1473 127.1 (does not work)
/kernel: ipfw: -1 Refuse ICMP 127.0.0.1 127.0.0.1 in via lo0 Fragment = 185

Cheers,
-- 
Ruslan Ermilov          Oracle Developer/DBA,
ru@sunbay.com           Sunbay Software AG,
ru@FreeBSD.org          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
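
The fragment arithmetic behind the symptoms in the message above, as an added example that is not part of the original e-mail and is not code from ip_fw.c. It models the last fragment that each ping size produces at MTU 1500 and compares a header-length check applied to every fragment with one applied only to the first fragment. Assumptions: a 20-byte IP header without options, and MIN_PROTO set to 2 bytes only because that value reproduces the three results quoted in the message; all names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define IP_HDR_LEN   20  /* ASSUMPTION: IPv4 header without options */
#define ICMP_HDR_LEN 8   /* ICMP echo header that ping prepends to its data */
#define MIN_PROTO    2   /* ASSUMPTION: chosen to match the quoted symptoms */

struct frag {
    unsigned offset;     /* fragment offset in 8-byte units, as in the IP header */
    size_t   len;        /* IP payload bytes carried by this fragment */
};

/* Last fragment produced by "ping -s <ping_data>" at the given MTU. */
static struct frag last_fragment(size_t mtu, size_t ping_data)
{
    size_t total = ICMP_HDR_LEN + ping_data;          /* payload of the whole datagram */
    size_t per_frag = ((mtu - IP_HDR_LEN) / 8) * 8;   /* non-final fragments: multiple of 8 */
    struct frag f = { 0, total };                     /* unfragmented case */

    if (total > per_frag) {
        size_t start = ((total - 1) / per_frag) * per_frag;
        f.offset = (unsigned)(start / 8);
        f.len = total - start;
    }
    return f;
}

/* Behaviour the commit log describes as the problem: every fragment,
 * including the last one, must hold the minimum protocol header. */
static bool header_check_before(struct frag f)
{
    return f.len >= MIN_PROTO;
}

/* Behaviour after the commit: only the first fragment (offset 0) is
 * required to hold the protocol header. */
static bool header_check_after(struct frag f)
{
    return f.offset != 0 || f.len >= MIN_PROTO;
}

int main(void)
{
    size_t sizes[] = { 1472, 1474, 1473 };            /* the three ping sizes quoted */
    for (size_t i = 0; i < 3; i++) {
        struct frag f = last_fragment(1500, sizes[i]);
        printf("-s%zu: offset=%u len=%zu before=%d after=%d\n", sizes[i],
               f.offset, f.len, header_check_before(f), header_check_after(f));
    }
    return 0;
}
```

For -s1473 the model gives a 1-byte last fragment at offset 185, the same offset as the "Fragment = 185" in the quoted kernel log line.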