From dphill@inav.net Wed Sep 15 20:29:35 1999
Return-Path: <dphill@inav.net>
Received: from soli.inav.net (soli.inav.net [199.120.107.103])
	by hub.freebsd.org (Postfix) with ESMTP id 98A2F15250
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 15 Sep 1999 20:29:33 -0700 (PDT)
	(envelope-from dphill@inav.net)
Received: from deanstoy.dphill.inav.net (dip306.inav.net [205.160.208.176])
	by soli.inav.net (8.8.7/8.8.7) with ESMTP id WAA06699
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 15 Sep 1999 22:29:28 -0500
Received: (from dean@localhost)
	by deanstoy.dphill.inav.net (8.9.3/8.9.2) id VAA00754;
	Wed, 15 Sep 1999 21:53:24 -0500 (CDT)
	(envelope-from dean)
Message-Id: <199909160253.VAA00754@deanstoy.dphill.inav.net>
Date: Wed, 15 Sep 1999 21:53:24 -0500 (CDT)
From: dphill@inav.net
Reply-To: dphill@inav.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: Packet fragment filter bug in user-land PPP
X-Send-Pr-Version: 3.2

>Number:         13771
>Category:       misc
>Synopsis:       Packet fragment filter bug in user-land PPP
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    brian
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 15 20:30:01 PDT 1999
>Closed-Date:    Mon Apr 3 13:47:19 PDT 2000
>Last-Modified:  Mon Apr  3 13:52:54 PDT 2000
>Originator:     Dean M. Phillips
>Release:        FreeBSD 3.3-RC i386
>Organization:
None Whatsoever!
>Environment:

FreeBSD deanstoy 3.3-RC FreeBSD 3.3-RC #0: Sat Sep 11 09:51:31 CDT 1999     root@deanstoy:/usr/src/sys/compile/DEANSTOY  i386

User-land PPP - built from sources cvsup'ed on Sep 14 22:40

>Description:

When the input filter is turned on, and large packets are received,
the second and following fragments are BLOCKED when they should not
be.  This caused some DNS lookups to fail.

This appears to be due to an inverted return condition in usr.sbin/ppp/ip.c.

>How-To-Repeat:

Connect to ISP with PPP (ISP is using Linux in my case).

In PPP command window say: "set filter in 0 permit 0/0 0/0"
and "set log local TCP/IP".

In some other window say: "nslookup search.yahoo.com".

Watch second frag. of reply get blocked.

>Fix:
	
Apply the following patch to:
$FreeBSD: src/usr.sbin/ppp/ip.c,v 1.54.2.5 1999/08/29 15:46:06 peter Exp $
------------------------------ cut here ------------------------------
*** /usr/src/usr.sbin/ppp/ip.c.~1~	Sun Aug 29 10:46:06 1999
--- /usr/src/usr.sbin/ppp/ip.c	Tue Sep 14 22:40:39 1999
***************
*** 128,134 ****
      if (len < (24 >> 3))	/* don't allow fragment to over-write header */
        return (1);
      /* permit fragments on in and out filter */
!     return (filter->fragok);
    }
    
    cproto = gotinfo = estab = syn = finrst = didname = 0;
--- 128,134 ----
      if (len < (24 >> 3))	/* don't allow fragment to over-write header */
        return (1);
      /* permit fragments on in and out filter */
!     return (!filter->fragok);
    }
    
    cproto = gotinfo = estab = syn = finrst = didname = 0;
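
Review bot: at the changed line `return (!filter->fragok);` the comment directly above still reads "permit fragments on in and out filter", which does not describe a conditional result and does not state the return convention. The neighbouring `return (1);` for a too-small `len` implies that non-zero means block, so the negation is consistent with it, but the polarity can only be inferred from these lines. Suggest rewording the comment to say that a non-zero return blocks and that later fragments pass only when `fragok` is set, and adding a note on the units of `24 >> 3` so the bound can be checked against the header size it protects.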

------------------------------ cut here ------------------------------

Returning true from FilterCheck causes the packet to be blocked.
Therefore if filter->fragok is true the packet was blocked.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->brian 
Responsible-Changed-By: ru 
Responsible-Changed-When: Thu Sep 16 01:34:13 PDT 1999 
Responsible-Changed-Why:  
Over to the maintainer. 
State-Changed-From-To: open->closed 
State-Changed-By: brian 
State-Changed-When: Mon Apr 3 13:47:19 PDT 2000 
State-Changed-Why:  
Change committed to filter.c (1.72) back in September '99 
>Unformatted:
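
The return-value polarity behind this report, as an added example that is not part of the original PR or the ppp source: a simplified C model of the fragment branch, run over constructed IPv4 headers. It assumes `len` in the patch is the fragment offset in 8-byte units; `frag_check`, `frag_offset`, the `fixed` switch and the sample headers are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the fragment branch only; not the ppp source. */
struct filter { int fragok; };                 /* field name taken from the patch */
enum { NOT_FRAG = -1, PASS = 0, BLOCK = 1 };   /* non-zero = block, as the report states */
#define IP_OFFMASK 0x1fff                      /* low 13 bits of the flags/offset word */

/* Fragment offset in 8-byte units, from bytes 6-7 of an IPv4 header. */
static unsigned frag_offset(const uint8_t *ip)
{
    return (((unsigned)ip[6] << 8) | ip[7]) & IP_OFFMASK;
}

/* fixed == 0 models the code before the patch, fixed != 0 the code after it. */
static int frag_check(const struct filter *f, const uint8_t *ip, int fixed)
{
    unsigned off = frag_offset(ip);   /* assumption: this is "len" in the patch */

    if (off == 0)
        return NOT_FRAG;              /* first fragment: real code goes on to the rules */
    if (off < (24 >> 3))              /* offsets 1-2 would overlap the transport header */
        return BLOCK;
    return fixed ? !f->fragok : f->fragok;
}

/* Constructed 20-byte IPv4/UDP headers, checksum left zero, documentation addresses. */
#define HDR(hi, lo) { 0x45, 0, 0x00, 0x3c, 0x12, 0x34, (hi), (lo), \
                      64, 17, 0, 0, 192, 0, 2, 53, 198, 51, 100, 7 }
static const uint8_t first_frag[20]   = HDR(0x20, 0x00);  /* MF set, offset 0 */
static const uint8_t second_frag[20]  = HDR(0x00, 0xb9);  /* offset 185 = byte 1480 */
static const uint8_t overlap_frag[20] = HDR(0x00, 0x01);  /* offset 1 = byte 8 */

int main(void)
{
    const struct filter allow = { 1 };
    const uint8_t *pkts[] = { first_frag, second_frag, overlap_frag };
    const char *names[] = { "first", "second", "overlap" };

    for (int i = 0; i < 3; i++)
        printf("%-8s before=%d after=%d\n", names[i],
               frag_check(&allow, pkts[i], 0), frag_check(&allow, pkts[i], 1));
    return 0;
}
```

The overlapping fragment is blocked in both versions; only the verdict for ordinary later fragments changes with the patch.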
