Date: Wed, 09 Feb 2005 21:48:18 +0100 From: Andre Oppermann <oppermann@networx.ch> To: "David G. Andersen" <dga@lcs.mit.edu> Cc: freebsd-net@freebsd.org Subject: Re: Kern/73129 and 5.3-STABLE Message-ID: <420A7712.45001B85@networx.ch> References: <20050209170802.GA39472@lcs.mit.edu> <420A4957.15E0D656@networx.ch> <20050209185828.GD39472@lcs.mit.edu> <20050209203534.GA41287@lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
"David G. Andersen" wrote: > > On Wed, Feb 09, 2005 at 01:58:28PM -0500, David G. Andersen scribed: > > On Wed, Feb 09, 2005 at 06:33:11PM +0100, Andre Oppermann scribed: > > > > > > > > (Barring that, has anyone patched it in their own system, and if so, > > > > would you mind sending me the patch? I dislike running custom kernel > > > > code on these machines, but I'm happy to do so to get things working. :) > > > > > > Sorry, it'll be fixed in 5.4-RELEASE. I have made up my mind how to > > > fix it the most correct way. > > > > Should have CC:'d; sorry. > > > > Thanks much for the quick response, Andre. If there's a patch available, > > or any workaround you can think of, I'd love to know. Also, if you > > need a beta tester or a test machine, or if there's anything else I > > can do, please don't hesitate to ask. I'm happy to hack on it if > > needs be. > > To answer my own question - I removed the if local checks, and have > a functioning kernel again, back to whatever bug Andre's patch was > correcting. :) The problem is with locally generated packets which go the wrong way. This gets nasty when the box has to generate some path MTU discovery ICMP message and such. What I implemented is the correct thing to do and prevents foot-shooting. On the other hand it prevents people from forwarding local ports and such. Both sides of the coin have merit and there is no easy deciding between them or obvious right or wrong choice. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?420A7712.45001B85>