----- Forwarded message from Bob Tracy - TDS ----- Subject: Linux 2.1.X ENskip fixed! Date: Fri, 15 May 1998 09:07:39 -0500 (CDT) X-Mailer: ELM [version 2.4ME+ PL40 (25)] Precedence: bulk (Gee, is this list dead or what? My earlier announcement of the Linux 2.1.X ENskip botch elicited exactly ZERO comments in this forum and in private e-mail.) It took a few days, but I found the problem. It turns out that the IP firewall code in Linux 2.1.X has been broken for a long time, probably since early in the 2.1.X networking development cycle. Specifically, not all the paths between the IPv4 layer and the physical layer are covered by the firewall code, and in particular, the path taken by a SYN_ACK packet ( ip_build_and_send_pkt() ) is not covered. An official patch will probably appear in the 2.1.103 kernel: I discovered the problem too late for inclusion in 2.1.102. Attached please find a revised ENskip kernel patch for Linux 2.1.101 that includes a fix for the firewall code. --
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:53:31 PDT