Bug 25796

Summary: ipfw(8) manpage has no info on "Rule -1"
Product: Documentation Reporter: cjclark <cjclark>
Component: Books & Articles Assignee: dd <dd>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description cjclark 2001-03-14 09:00:02 UTC
	When logging is enabled in ipfw(8), it may report that packets
were dropped by "Rule -1." From examining the code, this can occur under
two conditions: (1) a call to m_pullup returns zero or (2) a TCP
fragment with an offset of 1 is encountered. For the first issue, I am
not enough of a kernel-mbuf guy to know exactly what the implications
are. However, for the second case, there is already text in the
ipfw(8) manpage spelling this out, but no reference to the fact this
is reported as "Rule -1."

Fix: A quick sentence in ipfw(8) should be a nice RTFM pointer
since this pops up frequently on the mail lists. A simple patch,

How-To-Repeat: 
	Enable firewall logging and fire tiny, the smallest possible,
fragments at it to see "Rule -1." Use 'man ipfw' to review the
documentation.
Comment 1 dd freebsd_committer freebsd_triage 2001-03-15 01:45:34 UTC
Responsible Changed
From-To: freebsd-doc->dd

I'll do this.
Comment 2 dd freebsd_committer freebsd_triage 2001-03-16 01:28:12 UTC
State Changed
From-To: open->suspended

Committed to -current, thanks!  I'll MFC this after the code freeze.
Comment 3 dd freebsd_committer freebsd_triage 2001-04-26 03:17:59 UTC
State Changed
From-To: suspended->closed

MFC'd.