From gul@lamamba.itsinternet.net  Fri Jul 15 09:25:34 2005
Return-Path: <gul@lamamba.itsinternet.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 870CD16A41C
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 15 Jul 2005 09:25:34 +0000 (GMT)
	(envelope-from gul@lamamba.itsinternet.net)
Received: from lamamba.itsinternet.net (lamamba.itsinternet.net [213.133.160.29])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1EF6443D49
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 15 Jul 2005 09:25:34 +0000 (GMT)
	(envelope-from gul@lamamba.itsinternet.net)
Received: from [127.0.0.1] (helo=lamamba.itsinternet.net ident=gul)
	by lamamba.itsinternet.net with esmtp (Exim 4.51 (FreeBSD))
	id 1DtMRn-0006nf-T0
	for FreeBSD-gnats-submit@freebsd.org; Fri, 15 Jul 2005 12:25:31 +0300
Received: (from gul@localhost)
	by lamamba.itsinternet.net (8.13.3/8.13.1/Submit) id j6F9PVdv026142;
	Fri, 15 Jul 2005 12:25:31 +0300 (EEST)
	(envelope-from gul)
Message-Id: <200507150925.j6F9PVdv026142@lamamba.itsinternet.net>
Date: Fri, 15 Jul 2005 12:25:31 +0300 (EEST)
From: gul@itsinternet.net
Reply-To: gul@itsinternet.net
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: fragmented packets does not pass through a pipe
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         83499
>Category:       kern
>Synopsis:       fragmented packets does not pass through a pipe
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 15 09:30:11 GMT 2005
>Closed-Date:    Sun Mar 02 02:30:22 UTC 2008
>Last-Modified:  Sun Mar 02 02:30:22 UTC 2008
>Originator:     Pavel Gulchouck
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
IT Systems
>Environment:
System: FreeBSD lamamba.itsinternet.net 5.4-STABLE FreeBSD 5.4-STABLE #1: Thu Jun 30 23:41:25 EEST 2005 root@lamamba.itsinternet.net:/usr/obj/usr/src/sys/LAMAMBA i386


	
>Description:
If I add line
add pipe 20 ip from any to any xmit fxp1
then transit packets passed through this rule losts. Not fragmented
packets processed correctly.
Without this rule both "ping -s 1500" and "ping -s 1472" works fine.
tcpdump shows in pipe case first part of packet followed by
the second part, I think it cause problem with reassembling.
I have no ipfw rules with "frag" flag.
>How-To-Repeat:
Create ipfw pipe and try to "ping -s 1500" though it.
It fails on my tests on RELENG_5 and RELENG_5_3, other versions
I did not test.
>Fix:
Now as workaround I pass all packets before pipe through divert socket
without altering for reassemble.

>Release-Note:
>Audit-Trail:

From: Maxim <max@max.net.ua>
To: bug-followup@FreeBSD.org, gul@itsinternet.net
Cc:  
Subject: Re: kern/83499: fragmented packets does not pass through a pipe
Date: Mon, 24 Oct 2005 22:32:45 +0300

 Hi!
 
 I had a similar situation,
 this problem was observed from a version 5.3
 In a version 5.2.1 and below all worked OK.
 a problem is also noticed at passing through such rule with pipe of
 IPSEC.
 
 
State-Changed-From-To: open->feedback 
State-Changed-By: kmacy 
State-Changed-When: Mon Nov 19 08:38:05 UTC 2007 
State-Changed-Why:  

Is re-assembly still broken with ipfw on RELENG_7? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=83499 
State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Sun Mar 2 02:30:03 UTC 2008 
State-Changed-Why:  
Feedback timeout (> 3 months). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=83499 
>Unformatted:
