Re: Kern/73129 and 5.3-STABLE

• Previous message: David G. Andersen: "Re: Kern/73129 and 5.3-STABLE"
• In reply to: David G. Andersen: "Re: Kern/73129 and 5.3-STABLE"
• Next in thread: Gleb Smirnoff: "Re: Kern/73129 and 5.3-STABLE"
• Reply: Gleb Smirnoff: "Re: Kern/73129 and 5.3-STABLE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Wed, 09 Feb 2005 21:48:18 +0100
To: "David G. Andersen" <dga@lcs.mit.edu>

"David G. Andersen" wrote:
>
> On Wed, Feb 09, 2005 at 01:58:28PM -0500, David G. Andersen scribed:
> > On Wed, Feb 09, 2005 at 06:33:11PM +0100, Andre Oppermann scribed:
> > > >
> > > > (Barring that, has anyone patched it in their own system, and if so,
> > > > would you mind sending me the patch? I dislike running custom kernel
> > > > code on these machines, but I'm happy to do so to get things working. :)
> > >
> > > Sorry, it'll be fixed in 5.4-RELEASE. I have made up my mind how to
> > > fix it the most correct way.
> >
> > Should have CC:'d; sorry.
> >
> > Thanks much for the quick response, Andre. If there's a patch available,
> > or any workaround you can think of, I'd love to know. Also, if you
> > need a beta tester or a test machine, or if there's anything else I
> > can do, please don't hesitate to ask. I'm happy to hack on it if
> > needs be.
>
> To answer my own question - I removed the if local checks, and have
> a functioning kernel again, back to whatever bug Andre's patch was
> correcting. :)

The problem is with locally generated packets which go the wrong way.
This gets nasty when the box has to generate some path MTU discovery
ICMP message and such. What I implemented is the correct thing to do
and prevents foot-shooting. On the other hand it prevents people from
forwarding local ports and such. Both sides of the coin have merit
and there is no easy deciding between them or obvious right or wrong
choice.

-- 
Andre
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: David G. Andersen: "Re: Kern/73129 and 5.3-STABLE"
• In reply to: David G. Andersen: "Re: Kern/73129 and 5.3-STABLE"
• Next in thread: Gleb Smirnoff: "Re: Kern/73129 and 5.3-STABLE"
• Reply: Gleb Smirnoff: "Re: Kern/73129 and 5.3-STABLE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Microsoft Security Bulletin MS03-010 - 331953 ... No patch for NT4, workaround is to place the system behind a firewall. ... What about internal threats? ... > The Microsoft Security Response Center has released Microsoft Security ... (microsoft.public.win2000.security) Re: IE6 form POST operation sporadic after sp KB832894 install ... We have configured our Apache 1.3.x web server to turn ... # The following directives modify normal HTTP response ... after I installed the latest IE patch and I cannot seem to ... I believe that his workaround fixes the problem for us. ... (microsoft.public.windows.inetexplorer.ie6.browser) Re: Problem with locked down IIS and viewing PDFs ... Have you applied the patch with MS02-18? ... As for a workaround, you need to set RemoveServerHeader=0 in the URLScan.ini ... > when we go to view PDF documents on the site we get the following error: ... > Microsoft site to no avail. ... (microsoft.public.inetserver.iis.security) Re: [git head] X86_PAT & mprotect ... On Sat, May 10, 2008 at 6:05 AM, Venki Pallipadi ... I like your modified patch. ... Split up the patch into two parts as the pci part was unrelated to mprotect ... Some versions of X used the mprotect workaround to change caching type from ... (Linux-Kernel) Re: [PATCH] i2c.h: Fix another gcc 4.0 compile failure ... >> A. Daplas has recently done a workaround for this on another header ... >> patch below is also attached since I'm not sure formatting survives ... >i2c_transferfunction itself should be changed (not just the header ... (Linux-Kernel)