mailing list archives
Linux 2.1.x Firewalling code broked
From: darrenr () REED WATTLE ID AU (Darren Reed)
Date: Sat, 16 May 1998 01:11:17 +1000
----- Forwarded message from Bob Tracy - TDS -----
Subject: Linux 2.1.X ENskip fixed!
Date: Fri, 15 May 1998 09:07:39 -0500 (CDT)
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
(Gee, is this list dead or what? My earlier announcement of the
Linux 2.1.X ENskip botch elicited exactly ZERO comments in this
forum and in private e-mail.)
It took a few days, but I found the problem. It turns out that the
IP firewall code in Linux 2.1.X has been broken for a long time,
probably since early in the 2.1.X networking development cycle.
Specifically, not all the paths between the IPv4 layer and the physical
layer are covered by the firewall code, and in particular, the path
taken by a SYN_ACK packet ( ip_build_and_send_pkt() ) is not covered.
An official patch will probably appear in the 2.1.103 kernel: I
discovered the problem too late for inclusion in 2.1.102. Attached
please find a revised ENskip kernel patch for Linux 2.1.101 that
includes a fix for the firewall code.
- Linux 2.1.x Firewalling code broked Darren Reed (May 15)