 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Version 1.22 freeze
 Date:  Fri, 30 Jun 2006 10:31:55 -0400
On 6/30/06, Soren Vanggaard Jensen <svanggaard at hotmail dot com> wrote:
> Also I saw this:
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc
> I know that the advisory says that only FreeBSD 6.0 is affected - but I
> assume that the most recent version of ipfw isn't written from scratch.

No, but it is *substantially* changed from what was in 4.11.  There
are at least twice the features, if not more than that.  There's a
good 4-5 years of development between much of what's in 4.11 and 6.0,
with drastic system-wide changes made in 5.x and a lot of polishing in

4.11 is still a maintained release that gets *all* security fixes.  So
is 5.5 (and a few other 4.x and 5.x releases).  It was obviously
introduced in some new feature or related change added in RELENG_6
prior to the release of 6.0, otherwise they would have fixed 4.x and
5.x releases as well.

Could there be a different issue in ipfw that's causing this?
Possibly, but there are people that aren't using ipfw at all that have
the problem.  From what we know at this point, if it even is network
traffic related, it could be ICMP, TCP, UDP, GRE, or any other IP

FWIW, Aaron emailed me his config.xml off list and he isn't using the
traffic shaper or captive portal, so ipfw isn't even loaded on his
problem system (which is by far the most reliable case for software
issues that I've heard yet - nobody's gone to near the extent that he
has to rule out hardware).  ipfw is a kernel module that gets
loaded/unloaded depending on what you have enabled.  It's definitely
not Aaron's problem.