Subject: Re: kern/27164
To: None <darrenr@netbsd.org, gnats-admin@netbsd.org,>
From: Hauke Fath <hf@spg.tu-darmstadt.de>
List: netbsd-bugs
Date: 09/14/2005 14:09:02
The following reply was made to PR kern/27164; it has been noted by GNATS.

From: Hauke Fath <hf@spg.tu-darmstadt.de>
To: Hauke Fath <hf@spg.tu-darmstadt.de>
Cc: Darren Reed <darrenr@netbsd.org>, kern-bug-people@netbsd.org,
	gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: kern/27164
Date: Wed, 14 Sep 2005 12:14:34 +0200

 Hauke Fath wrote:
 > [Mail from 2005-04-13 re-sent;
 > Darren, did you ever get around to download the tarball? I get regular 
 > GNATS feedback reminders, please reset the PR.
 > Thanks, hauke]
 > 
 > 
 >> Am 30.10.2004 um 23:50 Uhr +0200 schrieb Hauke Fath:
 >>
 >>> Am 30.10.2004 um 9:15 Uhr +0000 schrieb Darren Reed:
 >>>
 >>>> I'm not sure that "keep frags" works with Linux because (for some 
 >>>> versions
 >>>> of it, at least) they send the fragments in the reverse order to 
 >>>> that with
 >>>> which ipfilter works.
 >>>>
 >>>> Can you investigate with tcpdump and find out whether or not the
 >>>> Linux boxes are sending the last fragment first?
 >>>
 >>>
 >>> Give me a fortnight. I'm on the eurobsdcon ATM, and then on holiday 
 >>> during the next week.
 >>>
 >>> I've got an ethereal dump file around that shows the problem, and I 
 >>> can tcpdump a RH9 machine's traffic, if needed.
 >>>
 >>> But I actually came across the question - some discussion on the ipf 
 >>> mailing list a while back. And I'm pretty sure I tried nfs v2 / udp / 
 >>> 1k packets to check this, with and without "keep frags", and it 
 >>> didn't make a difference.
 >>>
 >>> The stateless rules that are currently in place, OTOH, have "keep 
 >>> frags".
 >>>
 >>> So, while the reverse order issue may be part of the picture, it's 
 >>> not everything.
 >>>
 >>> I'll get back to you with the tcpdump.
 >>
 >>
 >> Hi Darren,
 >>
 >> I sent the URL some months ago, but never heard back from you - the 
 >> issue may have been lost during your move to China.
 >>
 >> I have put a 1.3 MByte ethereal trace on 
 >> http://www.spg.tu-darmstadt.de/~hf/XXXXXXXXXXXXXXXXXXXXXXX .
 >>
 >> It contains the traffic between a RH 9 machine and a pre-2.0 NetBSD 
 >> NFS server via a filtering router (specs and RCS ids in the PR).
 >>
 >> Since there may be security sensitive data, I'd rather not submit the 
 >> URL to the Gnats db. Nevertheless, can you please update the PR state?
 >>
 >> Regards,
 >>     hauke
 
 The router in question runs netbsd-3 now (the PR is against ipfilter 
 1.3.29 as found in netbsd-1-6). The RedHat machines that triggered the 
 bug are gone from our network, so I have no means any more of 
 testing/reproducing the problem.
 
 Since Darren seems too busy to pick up the tcpdump tarball, or even 
 update the status of the pr, I ask for this PR to be closed.
 
 	hauke
 
 
 [http://www.netbsd.org/Misc/query-pr.html tells me ther is no PR 
 #27164?! Something's badly broken there...]
 
 -- 
 /~\  The ASCII Ribbon Campaign                    Hauke Fath
 \ /    No HTML/RTF in email	        Institut für Nachrichtentechnik
   X     No Word docs in email	                  TU Darmstadt
 / \  Respect for open standards              Ruf +49-6151-16-3281