[ Charset ISO-8859-1 unsupported, converting... ]
> Hi,
>
> Is anyone having this kind of problem with IPF 4.1.x:
>
> http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=33423
I've found the problem. The call to frpr_pullup() in frpr_icmp6()
does a "+ 8" that it doesn't need to, causing IPFilter to look
for a minimum size of 16, which it can't pullup and then drops the
packet.
Patch below.
Darren
*** fil.c.dist Thu May 11 02:33:38 2006
--- fil.c Thu May 11 02:33:56 2006
***************
*** 703,709 ****
int minicmpsz = sizeof(struct icmp6_hdr);
struct icmp6_hdr *icmp6;
! if (frpr_pullup(fin, ICMP6ERR_MINPKTLEN + 8 - sizeof(ip6_t)) == -1)
return;
if (fin->fin_dlen > 1) {
--- 703,709 ----
int minicmpsz = sizeof(struct icmp6_hdr);
struct icmp6_hdr *icmp6;
! if (frpr_pullup(fin, ICMP6ERR_MINPKTLEN - sizeof(ip6_t)) == -1)
return;
if (fin->fin_dlen > 1) {
