pf panic trace
Emanuel Strobl
emanuel.strobl at gmx.net
Sat Mar 12 17:08:38 PST 2005
Am Samstag, 12. März 2005 06:07 schrieb Pyun YongHyeon:
> On Fri, Mar 11, 2005 at 05:12:31PM +0100, Emanuel Strobl wrote:
[...]
> Hmm, Max and I had seen these kind of traces when pf porting
> was in progress. But now I believe we fixed all possible
> cases.
>
> I can't sure but your trace indicates there is a bug in
> ip_fragment(). If a packet already set IP_MF flag in ip header,
> we would get invalid ip_off in fragmented packet.
> And it seems that there is another bug in pf. Since ip_fragment()
> can change passed mbuf, we should not use saved copy of it.
> Untested patch for CURRENT attached.
Thank you very much for your work, unfortnately the box went in prodction
(authoritive Nameserver, Multihomed-Router) last week, so I can't do very
much testings because when nobody is in the office I can't reset the box, and
if someone is there I can't take it down :(
If the patch compiles on RELENG_5 I'll test it on monday evening.
Thank you,
-Harry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20050313/8cfb3f23/attachment.bin
More information about the freebsd-pf
mailing list