kern/82806: ipnat doesn't handle out of order fragments.
Mark Andrews
Mark_Andrews at isc.org
Thu Jun 30 01:20:06 GMT 2005
>Number: 82806
>Category: kern
>Synopsis: ipnat doesn't handle out of order fragments.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jun 30 01:20:05 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Mark Andrews
>Release: FreeBSD 4.11-STABLE i386
>Organization:
ISC
>Environment:
System: FreeBSD bsdi.dv.isc.org 4.11-STABLE FreeBSD 4.11-STABLE #22: Mon Jan 3 22:18:47 EST 2005 marka at bsdi.dv.isc.org:/usr/obj/usr/src/sys/BSDI i386
>Description:
It looks like ipnat doesn't handle out of order fragments.
>How-To-Repeat:
Setup ipnat and try to make the following query from a machine behind the
nat box. The response is large enough to cause fragmentation (DNS payload
of 1734) and depending upon the fragment order you may or may not get a
response.
Using a 9.3.x version of dig.
dig dlv gmail.com.dlv.verisignlabs.com @ns1.dlv.verisignlabs.com +dnssec
Note: ipf is setup to handle out of order fragments. The above query always
works on the nat box itself regardless of the fragment order (checked
with "tcpdump -n -i sis0 -s 0 host 65.201.175.17" where sis0 is the
external interface).
Out of order fragments are not passed to the internal box (again
checked w/ tcpdump on the the internal box). In order fragments are
returned.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list