Re: Problems with Router Solicitation
This is a discussion on Re: Problems with Router Solicitation within the IPFilter forums, part of the System Security and Security Related category; [ Charset ISO-8859-1 unsupported, converting... ] > Hi, > > Is anyone having this kind of problem with IPF 4....
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-10-2006
|
|||
|
|||
Re: Problems with Router Solicitation
[ Charset ISO-8859-1 unsupported, converting... ]
> Hi, > > Is anyone having this kind of problem with IPF 4.1.x: > > http://www.netbsd.org/cgi-bin/query-...l?number=33423 I've found the problem. The call to frpr_pullup() in frpr_icmp6() does a "+ 8" that it doesn't need to, causing IPFilter to look for a minimum size of 16, which it can't pullup and then drops the packet. Patch below. Darren *** fil.c.dist Thu May 11 02:33:38 2006 --- fil.c Thu May 11 02:33:56 2006 *************** *** 703,709 **** int minicmpsz = sizeof(struct icmp6_hdr); struct icmp6_hdr *icmp6; ! if (frpr_pullup(fin, ICMP6ERR_MINPKTLEN + 8 - sizeof(ip6_t)) == -1) return; if (fin->fin_dlen > 1) { --- 703,709 ---- int minicmpsz = sizeof(struct icmp6_hdr); struct icmp6_hdr *icmp6; ! if (frpr_pullup(fin, ICMP6ERR_MINPKTLEN - sizeof(ip6_t)) == -1) return; if (fin->fin_dlen > 1) { 
|
Linear Mode
