kern/51341: ipfw rule 'deny icmp from any to any icmptype 5'
matches fragmented icmp packets
Maxim Konovalov
maxim at macomnet.ru
Thu Apr 24 04:20:16 PDT 2003
The following reply was made to PR kern/51341; it has been noted by GNATS.
From: Maxim Konovalov <maxim at macomnet.ru>
To: land at dnepr.net
Cc: bug-followup at freebsd.org, luigi at freebsd.org
Subject: Re: kern/51341: ipfw rule 'deny icmp from any to any icmptype 5'
matches fragmented icmp packets
Date: Thu, 24 Apr 2003 15:14:05 +0400 (MSD)
Hello,
Could you please test the patch below? Thanks.
Index: sys/netinet/ip_fw.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v
retrieving revision 1.131.2.39
diff -u -r1.131.2.39 ip_fw.c
--- sys/netinet/ip_fw.c 20 Jan 2003 02:23:07 -0000 1.131.2.39
+++ sys/netinet/ip_fw.c 24 Apr 2003 11:12:02 -0000
@@ -1434,7 +1434,7 @@
struct icmp *icmp;
if (offset != 0) /* Type isn't valid */
- break;
+ continue;
icmp = (struct icmp *) ((u_int32_t *)ip + ip->ip_hl);
if (!icmptype_match(icmp, f))
continue;
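Review bot: The comment on the `if (offset != 0)` line still reads only "Type isn't valid", which does not tell the reader that the rule is now skipped for non-first fragments; something like `/* no ICMP header in a non-first fragment, rule cannot match */` would make the intent clear. With `continue` here, matching the `continue` taken when `icmptype_match()` fails, a fragment with a nonzero offset falls through to the rules that follow. A deny rule with an icmptype therefore will not stop the trailing fragments of a datagram whose first fragment it drops, which deserves a sentence in the rule documentation. It is also worth confirming that the other protocol checks in this function handle `offset != 0` the same way.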
%%%
--
Maxim Konovalov, maxim at macomnet.ru, maxim at FreeBSD.org