Darren Reed wrote: >> http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=33423 > > I've found the problem. The call to frpr_pullup() in frpr_icmp6() > does a "+ 8" that it doesn't need to, causing IPFilter to look > for a minimum size of 16, which it can't pullup and then drops the > packet. > > Patch below. > > Darren > > *** fil.c.dist Thu May 11 02:33:38 2006 > --- fil.c Thu May 11 02:33:56 2006 > *************** > *** 703,709 **** > int minicmpsz = sizeof(struct icmp6_hdr); > struct icmp6_hdr *icmp6; > > ! if (frpr_pullup(fin, ICMP6ERR_MINPKTLEN + 8 - sizeof(ip6_t)) == -1) > return; > > if (fin->fin_dlen > 1) { > --- 703,709 ---- > int minicmpsz = sizeof(struct icmp6_hdr); > struct icmp6_hdr *icmp6; > > ! if (frpr_pullup(fin, ICMP6ERR_MINPKTLEN - sizeof(ip6_t)) == -1) > return; > > if (fin->fin_dlen > 1) { > >
This fixes all my problems. I've committed the fix to NetBSD 3.99.x and requested the fix to be included in NetBSD 3.1. Martti
