significant increase in ipfw pullup failed
Brooks Davis
brooks at one-eyed-alien.net
Fri Apr 22 14:44:20 PDT 2005
On Fri, Apr 22, 2005 at 11:55:18AM -0700, Luigi Rizzo wrote:
> On Fri, Apr 22, 2005 at 08:25:00AM -1000, Randy Bush wrote:
> > > wonder if it is related to the recent import of ipfw v6 support...
> >
> > could be, no idea really. but fwiw, ipv6 is not enabled here.
>
> yes but there is some new code in the common path.
> anyways i have cc-ed Brooks who committed the code
I suspect this is due to over agressive pullups of icmp packets (at
least that's the most obvious place where the length changed) which are
caused by poor design of the icmp struct. We're pulling up the full
length and should instead be pulling up 4 bytes. I'm not sure what the
best fix it. Long term, creating a struct icmphdr is probably the right
answer. For now, the thing to do may be to add it and use it in ipfw,
but not modify struct icmp just yet.
-- Brooks
--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20050422/a255ee65/attachment.bin
More information about the freebsd-current
mailing list