Bug 13771

When the input filter is turned on, and large packets are received,
the second and following fragments are BLOCKED when they should not
be.  This caused some DNS lookups to fail.

This appears to be due to an inverted return condition in usr.sbin/ppp/ip.c

Fix: Apply the following patch to:
$FreeBSD: src/usr.sbin/ppp/ip.c,v 1.54.2.5 1999/08/29 15:46:06 peter Exp $
------------------------------ cut here ------------------------------


------------------------------ cut here ------------------------------

Returning true from FilterCheck causes the packet to be blocked.
Therefore if filter->fragok is true the packet was blocked.--1IgEjU0eh7RvTXXHtzhBTQDJRQ3Z5ih0tJoxsZ1Ib2PbIJLC
Content-Type: text/plain; name="file.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="file.diff"

*** /usr/src/usr.sbin/ppp/ip.c.~1~	Sun Aug 29 10:46:06 1999
--- /usr/src/usr.sbin/ppp/ip.c	Tue Sep 14 22:40:39 1999
***************
*** 128,134 ****
      if (len < (24 >> 3))	/* don't allow fragment to over-write header */
        return (1);
      /* permit fragments on in and out filter */
!     return (filter->fragok);
    }
    
    cproto = gotinfo = estab = syn = finrst = didname = 0;
--- 128,134 ----
      if (len < (24 >> 3))	/* don't allow fragment to over-write header */
        return (1);
      /* permit fragments on in and out filter */
!     return (!filter->fragok);
    }
    
    cproto = gotinfo = estab = syn = finrst = didname = 0;
How-To-Repeat: 
Connect to ISP with PPP (ISP is using Linux in by case).

In PPP command window say: "set filter in 0 permit 0/0 0/0"
and "set log local TCP/IP".

In some other window say: "nslookup search.yahoo.com".

Watch second frag. of reply get blocked.