Date: Mon, 13 Mar 2000 06:45:44 +0100 (CET) From: Luigi Rizzo <luigi@info.iet.unipi.it> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: Mike Heffner <spock@techfour.net>, freebsd-ipfw@FreeBSD.ORG Subject: Re: ipfw doesn't match when src == dest Message-ID: <200003130545.GAA89213@info.iet.unipi.it> In-Reply-To: <Pine.NEB.3.96L.1000312174746.6734E-100000@fledge.watson.org> from Robert Watson at "Mar 12, 2000 05:52:07 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, the original poster found out the problem -- a call to inet_ntoa() (or similar function) which returned a ptr to a static buffer was used twice in the same function, with obvious results. cheers luigi > > > > Hello, > > > > > > When I recently redid my firewall, I wanted to block a strange packet from my > > > cablemodem, > > > > > > Deny P:2 192.168.100.1 192.168.100.1 in via ed1 > > > > are you sure that the logging code prints the right thing ? > > I noticed (from source code analysis) it does strange things with > > fragments, it might as well misbehave with short packets etc. > > Having spent about two minutes looking at the ipfw code, it looks like > there are no false accepts for ultra-fragmented UDP/TCP/ICMP packets To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200003130545.GAA89213>