 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Frank Edwards <fedwards at internode dot on dot net>
 Cc:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall-dev] 1.3b2 - IP fragments not passed
 Date:  Sun, 29 Jul 2007 22:53:31 +0200

Hi Frank,

On 29.07.2007, at 08:47, Frank Edwards wrote:

> You're right. I've updated the patch (below) to handle this. "Allow
> fragmented packets" option must be enabled on m0n0wall firewall rules on
> each interface to ensure fragments are passed.
>
> I'm not sure if this is the most elegant place in the code to apply this,
> but it seems to be effective. I didn't want to modify fr_addstate as it is
> called from different parts of the code. I suspect it may be something
> specific to FreeBSD 6.
>
> Let me know how this goes?

Works fine, thanks! I find it strange that nobody has filed a FreeBSD
bug report for this yet - unless, of course, it's somehow related
to the other kernel modifications in m0n0wall (which I don't
suppose, after having read your explanation for ipfilter's wrong
behavior again). Maybe we should do that now. ;)

Cheers,

Manuel