Date: Wed, 10 Mar 1999 21:38:40 -0800 (PST) From: Archie Cobbs <archie@whistle.com> To: rowan@sensation.net.au (Rowan Crowe) Cc: freebsd-isp@FreeBSD.ORG Subject: Re: fragmented packets Message-ID: <199903110538.VAA93891@bubba.whistle.com> In-Reply-To: <Pine.BSF.4.01.9903101449160.5619-100000@velvet.sensation.net.au> from Rowan Crowe at "Mar 10, 99 03:01:14 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Rowan Crowe writes: > Firstly, I'm not sure they're valid packets. Here's a small sample from > tcpdump -vfi ppp0 host 209.1.224.16: > > 14:48:45.993516 209.1.224.16.http > 203.20.114.3.timbuktu-srv3: FP 192316230:192317386(1156) ack 2204793872 win 8460 (frag 57245:1176@0+) (ttl 246) > 14:48:46.011204 209.1.224.16 > 203.20.114.3: (frag 57245:149@1176) (ttl 246) > 14:49:01.940357 209.1.224.16.http > 203.20.114.7.4366: FP 177375633:177376789(1156) ack 1825709182 win 9870 (frag 24914:1176@0+) (ttl 246) > 14:49:01.948698 209.1.224.16 > 203.20.114.7: (frag 24914:53@1176) (ttl 246) > > These packets are also blocked by ipfw, which reports junk port numbers: > > ipfw: 5 Deny TCP 209.1.224.16:11 203.20.114.3:2818 in via ppp0 Fragment = 147 > ipfw: 5 Deny TCP 209.1.224.16:50213 203.20.114.3:30500 in via ppp0 Fragment = 147 > ipfw: 5 Deny TCP 209.1.224.16:11 203.20.114.3:2818 in via ppp0 Fragment = 147 > ipfw: 5 Deny TCP 209.1.224.16:18683 203.20.114.3:42890 in via ppp0 Fragment = 147 This was a bug in ipfw where it incorrectly tries to match port numbers, etc. in fragments. Upgrade to 2.2.8 and the problem should go away. -Archie > FreeBSD 2.2.5-RELEASE, ppp0 at the moment is an ISDN connection to Telstra > Internet (australia). ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199903110538.VAA93891>