Date: Wed, 7 May 1997 12:37:18 +1000 (EST) From: Darren Reed <avalon@coombs.anu.edu.au> To: archie@whistle.com (Archie Cobbs) Cc: danny@panda.hilink.com.au, zbs@softec.sk, freebsd-hackers@FreeBSD.ORG Subject: Re: divert still broken? Message-ID: <199705070241.TAA25422@hub.freebsd.org> In-Reply-To: <199705062316.QAA20953@bubba.whistle.com> from "Archie Cobbs" at May 6, 97 04:16:26 pm
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Archie Cobbs, sie said: > > Ah, now I see.. remembering that FO is stored in bytes/8 (as you pointed > out), it's not possible for a UDP header to be split across fragments > in any way (since it's only 8 bytes long)... correct? Tell me, what does ipfw do with a packet that says "more fragments" but the packet has no data (i.e. _no_ header at all), and is UDP ? Best thing, I think for ipfw to do, is drop any packets where the header(s) are split across multiple packets (i.e. aren't all in the one you have). Aside from that, UDP isn't an issue. I don't recall ipfw doing any ICMP filtering to worry about that.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199705070241.TAA25422>