[prev in list] [next in list] [prev in thread] [next in thread]
List: ipfilter
Subject: ip_len byte swapping problem
From: Matt Impett <M.Impett () flarion ! com>
Date: 2002-06-28 23:02:33
[Download RAW message or body]
Hello,
I just recently started using ipfilter, and I have noticed something
strange. First, some info:
System: FreeBSD 4.3-RELEASE
Now, in my setup I have one ethernet device, xl0. I also have one tunnel
device I have configured as gif0. I added one ipfilter rule which looked
like this:
block in quick on xl0 to gif0 from 10.1.128.6 to any
Basically, I wanted to take all traffic from source address 10.1.128.6 and
push it out tunnel device gif0, which is implementing IP-in-IP
encapsulation. What I have noticed from running tcpdump is that the packets
get sent out the tunnel, but the ip_len field of the inner ip header is byte
swapped. I looked at ip_fil.c and I think I found the culprit lines in
ipfr_fastroute(), where the ip_len field is byte swapped once, and then byte
swapped again after a call to the interface's output routine.
Anyway, I looked at the most recent version of ipfilter from the website
(version 3.4.28) and the offending lines are removed (in addition to many
other changes). So, I was wondering if its okay to remove these lines from
ip_fil.c (line #s 1401-1405):
if (i) {
ip->ip_id = ntohs(ip->ip_id);
ip->ip_len = ntohs(ip->ip_len);
ip->ip_off = ntohs(ip->ip_off);
}
Or, perhaps there is a patch for the version of ipfilter I have. I couldn't
find the version I have anywhere, but the version of ip_fil.c is sccsid 2.41
and rcsid 1.14.2.4.
Or, could I just upgrade to the newest version of ipfilter?? Is this
compatible with FreeBSD 4.3??
thanks,
matt
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic