kern/82806: ipnat doesn't handle out of order fragments.
Mark Andrews
Mark_Andrews at isc.org
Fri Jul 1 05:40:23 GMT 2005
The following reply was made to PR kern/82806; it has been noted by GNATS.
From: Mark Andrews <Mark_Andrews at isc.org>
To: bug-followup at FreeBSD.org, Mark_Andrews at isc.org
Cc:
Subject: Re: kern/82806: ipnat doesn't handle out of order fragments.
Date: Fri, 01 Jul 2005 15:38:38 +1000
I suspect the best fix to this is to attempt reassembly after
ipfr_nat_knownfrag() succeeds (there is a additional fragment now)
or before calling ipfr_nat_newfrag() and only calling ipfr_nat_newfrag()
if the reassembly fails in which case you would also add the fragment to
the fragment cache. If reassembly fails stop further processing on this
packet and wait for the next fragment.
More information about the freebsd-bugs
mailing list