Date:      Mon, 29 Jan 2001 19:58:02 +0200
From:      Ruslan Ermilov <ru@FreeBSD.ORG>
To:        Archie Cobbs <archie@dellroad.org>
Cc:        Alwyn Goodloe <agoodloe@gradient.cis.upenn.edu>, net@FreeBSD.ORG, Archie Cobbs <archie@FreeBSD.ORG>
Subject:   Re: ipfw message
Message-ID:  <20010129195802.B83844@sunbay.com>
In-Reply-To: <200101291744.JAA20568@curve.dellroad.org>; from archie@dellroad.org on Mon, Jan 29, 2001 at 09:44:07AM -0800
References:  <20010129105926.B27558@sunbay.com> <200101291744.JAA20568@curve.dellroad.org>

On Mon, Jan 29, 2001 at 09:44:07AM -0800, Archie Cobbs wrote:
> Ruslan Ermilov writes:
> > I think I have found a bug here.  When the ``divert foo ... udp ...'' rule
> > has no destination port specification, everything works as documented, i.e.
> > all fragments are reassembled and get diverted to the divert(4) to port
> > ``foo''.  If I add the destination port specification, only the first
> > (offset zero) fragment gets diverted:
> 
> Yep.. diversion happens before reassembly, but diverted packets
> are only delivered after reassembly.
> 
> So if not all of the fragments are diverted, the packet is lost
> because only an incomplete portion of it gets diverted.
> 
> To "fix" this bug would require reassembling *all* (or a large
> portion of the) packets passing through the kernel, which is probably
> not a win.  A workaround is to match conservatively (i.e., match
> all udp packets) and have the userland code just reinject any
> false positives.
> 
Or add ``divert same-port udp from any to any frag''...


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
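
A small Python model of the behaviour described in this thread, added here as an illustration; it is not part of the original messages and is not FreeBSD code. It shows why a port-qualified divert rule catches only the offset-zero fragment and how an extra ``frag'' rule completes the set. The class and function names, port 5000 and the 1480-byte fragment size are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Fragment:
    offset: int            # byte offset within the original IP payload
    more: bool             # MF (more fragments) flag
    dport: Optional[int]   # UDP header travels only in the offset-zero fragment

@dataclass(frozen=True)
class DivertRule:
    dport: Optional[int] = None  # None models a rule with no port specification
    frag: bool = False           # models the ``frag'' option: non-first fragments

    def matches(self, f: Fragment) -> bool:
        if self.frag:
            return f.offset != 0
        if self.dport is None:
            return True
        # A port can be compared only where the UDP header is present.
        return f.offset == 0 and f.dport == self.dport

def fragment_udp(dport: int, udp_len: int, chunk: int = 1480) -> List[Fragment]:
    """Split a UDP datagram (header + data = udp_len bytes) into IP fragments."""
    offsets = range(0, udp_len, chunk)
    return [Fragment(o, o + chunk < udp_len, dport if o == 0 else None)
            for o in offsets]

def divert(rules: List[DivertRule], frags: List[Fragment]) -> Tuple[int, bool]:
    """Return (fragments diverted, whether the divert socket gets the datagram).

    Per the thread, diverted fragments are delivered only after reassembly,
    so delivery needs every fragment to have matched some divert rule.
    """
    hit = [f for f in frags if any(r.matches(f) for r in rules)]
    return len(hit), len(hit) == len(frags)

# Constructed sample: a 4008-byte UDP datagram to port 5000 -> 3 fragments.
SAMPLE = fragment_udp(dport=5000, udp_len=4008)

if __name__ == "__main__":
    cases = {
        "udp, no port": [DivertRule()],
        "udp, dst-port 5000": [DivertRule(dport=5000)],
        "dst-port 5000 + frag rule": [DivertRule(dport=5000), DivertRule(frag=True)],
    }
    for name, rules in cases.items():
        print(f"{name:28} -> (diverted, delivered) = {divert(rules, SAMPLE)}")
```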

