From nobody@FreeBSD.org  Fri Aug 13 09:31:21 2004
Message-Id: <200408130931.i7D9VLtG012186@www.freebsd.org>
Date: Fri, 13 Aug 2004 09:31:21 GMT
From: Mark Andrews <marka@isc.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ipfilter breaks IPv6 path mtu discovery
X-Send-Pr-Version: www-2.3

>Number:         70399
>Category:       kern
>Synopsis:       ipfilter breaks IPv6 path mtu discovery
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    darrenr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 13 09:40:23 GMT 2004
>Closed-Date:    Thu Dec 16 21:03:33 GMT 2004
>Last-Modified:  Thu Dec 16 21:03:33 GMT 2004
>Originator:     Mark Andrews
>Release:        4.10 stable
>Organization:
ISC
>Environment:
FreeBSD bsdi.dv.isc.org 4.10-STABLE FreeBSD 4.10-STABLE #11: Fri Aug 13 15:27:12 EST 2004     marka@bsdi.dv.isc.org:/usr/obj/usr/src/sys/BSDI  i386

>Description:
icmp6_error() prepends an mbuf to send ICMP6_PACKET_TOO_BIG.  When
ipfilter is active there is an attempt to pullup the full packet
which fails because there is not an associated cluster.

ICMP6_TIME_EXCEEDED can also demonstrate the problem if traceroute6
uses a size of 105 or greater.
>How-To-Repeat:
      Have an inbound interface with an MTU of 1500 and an output interface
with an MTU of 1280 (e.g. gif).  Have ipf active.  Attempt to send
a packet > 1280 octets through the router.  The ICMP6_PACKET_TOO_BIG
packet is dropped before it is emitted.
>Fix:
      
>Release-Note:
>Audit-Trail:

From: Mark Andrews <Mark_Andrews@isc.org>
To: freebsd-gnats-submit@FreeBSD.org, Mark_Andrews@isc.org
Cc:  
Subject: Re: kern/70399: ipfilter breaks IPv6 path mtu discovery
Date: Fri, 13 Aug 2004 21:44:00 +1000

 In sys/contrib/ipfilter/netinet/fil.c replace the m_pullup() call with
 
                  if (len > MHLEN && (m->m_flags & M_PKTHDR) != 0)
                          m = m_defrag(m, M_DONTWAIT);
                  else
                          m = m_pullup(m, len);
 
 as m_pullup() will always fail if len > MHLEN.
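
The failure and the proposed guard, as a user-space C model added to this record for illustration; it is not code from the FreeBSD or IPFilter sources. `struct seg`, `model_pullup`, `model_defrag`, `front_bytes` and both size constants are constructed for the model, and the 48 + 1232 byte packet in the checks is a constructed stand-in for a prepended IPv6/ICMPv6 header followed by the quoted packet.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sizes for this model; the kernel's MHLEN and MCLBYTES depend on the build. */
enum { MHLEN_MODEL = 100, MCLBYTES_MODEL = 2048 };

struct seg { struct seg *next; size_t len; unsigned char buf[MCLBYTES_MODEL]; };

static struct seg *seg_new(size_t len, struct seg *next) {
    struct seg *s = calloc(1, sizeof *s);
    if (s) { s->len = len; s->next = next; }
    return s;
}
static void chain_free(struct seg *m) {
    while (m) { struct seg *n = m->next; free(m); m = n; }
}
/* Move up to `want` bytes from the front of chain m into dst, then link the rest. */
static struct seg *gather(struct seg *dst, struct seg *m, size_t want) {
    while (m && dst->len < want) {
        size_t n = want - dst->len < m->len ? want - dst->len : m->len;
        memcpy(dst->buf + dst->len, m->buf, n);
        memmove(m->buf, m->buf + n, m->len - n);
        dst->len += n; m->len -= n;
        if (m->len == 0) { struct seg *t = m->next; free(m); m = t; }
    }
    dst->next = m;
    return dst;
}
/* m_pullup() model: the gathered bytes must fit a header mbuf with no cluster,
 * so a request above MHLEN fails and the chain is freed (the packet is dropped). */
static struct seg *model_pullup(struct seg *m, size_t len) {
    if (m->len >= len) return m;
    struct seg *d = len <= MHLEN_MODEL ? seg_new(0, NULL) : NULL;
    if (!d) { chain_free(m); return NULL; }
    d = gather(d, m, len);
    if (d->len < len) { chain_free(d); return NULL; }
    return d;
}
/* m_defrag() model, simplified: copy the front of the packet into one cluster. */
static struct seg *model_defrag(struct seg *m) {
    struct seg *d = seg_new(0, NULL);
    if (!d) { chain_free(m); return NULL; }
    return gather(d, m, MCLBYTES_MODEL);
}
/* Constructed packet: a prepended header segment of `hdr` bytes, then the payload.
 * guarded != 0 applies the PR's len > MHLEN test (M_PKTHDR check omitted).
 * Returns the contiguous bytes at the front afterwards, or 0 if it was dropped. */
size_t front_bytes(size_t hdr, size_t payload, size_t want, int guarded) {
    struct seg *m = seg_new(hdr, seg_new(payload, NULL));
    if (!m) return 0;
    m = (guarded && want > MHLEN_MODEL) ? model_defrag(m) : model_pullup(m, want);
    size_t got = m ? m->len : 0;
    chain_free(m);
    return got;
}
```
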
Responsible-Changed-From-To: freebsd-bugs->darrenr 
Responsible-Changed-By: dwmalone 
Responsible-Changed-When: Fri Aug 13 21:24:56 GMT 2004 
Responsible-Changed-Why:  
This looks like one for Darren. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=70399 

From: David Malone <dwmalone@maths.tcd.ie>
To: freebsd-gnats-submit@FreeBSD.org, marka@isc.org
Cc: Darren Reed <darrenr@reed.wattle.id.au>
Subject: Re: kern/70399: ipfilter breaks IPv6 path mtu discovery
Date: Tue, 05 Oct 2004 12:40:32 +0100

 Hi Darren,
 
 Did you have a chance to look at this?
 
 	http://www.freebsd.org/cgi/query-pr.cgi?pr=70399
 
 It looks like an IPfilter bug, but I guess it might be a problem
 with the expected behaviour of m_pullup either.
 
 	David.
State-Changed-From-To: open->closed 
State-Changed-By: darrenr 
State-Changed-When: Thu Dec 16 21:03:04 GMT 2004 
State-Changed-Why:  
this is now fixed on RELENG_4 (for 4.11), RELENG_5 and current. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=70399 
>Unformatted:
