On Wed, Apr 25, 2001 at 01:35:44PM -0700, netbsd.ndk wrote:
> OpenBSD just released a patch for this, will NetBSD do the same?
> 
> 'IPF has a serious problem with fragment caching, the bug is
> triggered if you use the ipf(5) syntax "keep state".'
> 
> Just wondering...

NetBSD -current and 1.5.1_BETA should be OK, this has been fixed some time
ago. I hope someone is writing an advisatory :)

BTW, it's not only "keep state"; "keep frags" and ipnat proxies
will also modify the cache.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--