I stumbled over an interesting problem: the current kernel's NFS client
code blocks when reading files of size 2828 byte over NFSv3 (see
kern/22309). Today I tracked the problem down. It appears, that an IP
packet cannot be reassembled, when the last fragment of it is from 1 to 7
bytes long.

For some reason I have IP_FIREWALL and IP_FIREWALL_DEFAULT_TO_ACCEPT in my
kernel config (well, the reason is, that I wanted to play with
'sting'). Although there is a comment in ip_fw.c that it is not a problem,
when an incoming packet is a fragment with off!=0, it appears to be a
problem, if the packet is too short to contain a UDP header. ip_fw insists
on having an UDP header (around line 1002) and drops the packet as a bogus
fragment, if it is too short for a header. I think, this is wrong.

Because I'm not too firm with the firewall code, I have no fix.

harti brandt, http://www.fokus.gmd.de/research/cc/cats/employees/hartmut.brandt/private

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to