Subject: Re: IPF 4.1.6 -- NFS Client hangs
To: None <current-users@netbsd.org>
From: Juergen Hannken-Illjes <hannken@eis.cs.tu-bs.de>
List: current-users
Date: 03/07/2005 13:29:16
On Sun, Mar 06, 2005 at 12:58:18PM -0500, Christos Zoulas wrote:
> In article <20050306111758.GA8180@bseis.eis.cs.tu-bs.de>,
> Juergen Hannken-Illjes  <hannken@eis.cs.tu-bs.de> wrote:
> >
> >The 28 comes from `frpr_pullup() :: plen += fin->fin_hlen;'. This function
> >and the interesting values are appended.
> >
> 
> I don't understand the logic here then. Plen is the minimum packet
> length acceptable on function entry. In the udp case we call it
> with the header length. Then we go and add the header length again?
> How is that supposed to work?

While it looks strange, it is ok.  The problem is/was the packet in question.
It is a UDP fragment `64910:4@16280'.  No UDP header but 4 (four) bytes of
data.

So this time I propose the appended diff.

- Return if fragment.

- Return if pullup fails.  Test for short package has already been done.

- Remove the no longer needed `!fin->fin_off' test.

-- 
Juergen Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig (Germany)

Index: fil.c
===================================================================
RCS file: /cvsroot/src/sys/dist/ipf/netinet/fil.c,v
retrieving revision 1.10
diff -u -8 -r1.10 fil.c
--- fil.c	1 Mar 2005 13:41:43 -0000	1.10
+++ fil.c	7 Mar 2005 12:08:11 -0000
@@ -1074,23 +1074,23 @@
 static INLINE void frpr_udpcommon(fin)
 fr_info_t *fin;
 {
 	udphdr_t *udp;
 	fr_ip_t *fi;
 
 	fi = &fin->fin_fi;
 	fi->fi_flx |= FI_TCPUDP;
+	if (fin->fin_off != 0)
+		return;
 
-	if (frpr_pullup(fin, sizeof(*udp)) == -1) {
-		fi->fi_flx |= FI_SHORT;
+	if (frpr_pullup(fin, sizeof(*udp)) == -1)
 		return;
-	}
 
-	if (!fin->fin_off && (fin->fin_dlen > 3)) {
+	if (fin->fin_dlen > 3) {
 		udp = fin->fin_dp;
 
 		fin->fin_sport = ntohs(udp->uh_sport);
 		fin->fin_dport = ntohs(udp->uh_dport);
 	}
 }
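
Review bot: In the `frpr_pullup(fin, sizeof(*udp)) == -1` branch, removing `fi->fi_flx |= FI_SHORT` makes a failed pullup return with no flag recorded on the packet, and nothing in this hunk shows where the short-packet test that the message relies on takes place. Either keep the flag on this path or add a comment naming the earlier check, so a later reader does not take the silent return for an oversight. The new `fin->fin_off != 0` return would also benefit from a one-line comment saying that non-first fragments carry no UDP header; note that it sits after `fi->fi_flx |= FI_TCPUDP`, so such fragments are still marked FI_TCPUDP while `fin_sport` and `fin_dport` are never assigned in this function, which is worth confirming as intended for rules that match on ports. Finally, once a pullup of `sizeof(*udp)` has succeeded, the remaining `fin->fin_dlen > 3` test looks redundant or at least needs a comment explaining which case it still guards.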