From owner-freebsd-hackers Sun Feb 8 16:40:00 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA01818 for hackers-outgoing; Sun, 8 Feb 1998 16:40:00 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA01753 for ; Sun, 8 Feb 1998 16:39:56 -0800 (PST) (envelope-from marcs@znep.com)
Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.8.7/8.8.7) with UUCP id RAA00973; Sun, 8 Feb 1998 17:39:41 -0700 (MST)
Received: from localhost (marcs@localhost) by alive.znep.com (8.7.5/8.7.3) with SMTP id RAA21551; Sun, 8 Feb 1998 17:38:42 -0700 (MST)
Date: Sun, 8 Feb 1998 17:38:42 -0700 (MST)
From: Marc Slemko
To: Joao Carlos Mendes Luis
cc: Archie Cobbs, hackers@FreeBSD.ORG
Subject: Re: ipfw logs ports for fragments
In-Reply-To: <199802090018.WAA11332@gaia.coppe.ufrj.br>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 8 Feb 1998, Joao Carlos Mendes Luis wrote:

> #define quoting(Archie Cobbs)
> // Marc Slemko writes:
> // > Feb 4 16:08:27 zaius /kernel: ipfw: 320 Deny UDP 199.170.121.15:14592 198.161.84.2:2 in via de0 Fragment = 29
> // >
> // > Trust me, those port numbers are not right.  ipfw should not log the
> // > port number if a packet is a fragment.
> //
> // Good point... patch below fixes it.
>
> Maybe a stupid question:
>
> If you filter by port, only the first frag may be filtered.  Then, what will
> happen to the destination machine, receiving lots of incomplete packets?

If you don't explicitly tell ipfw to pass frags, it will not.  That will
break some things, but is the safest way.  If you do tell it to pass them,
then it will.  There is no real problem (except for possible memory use, etc.)
if a host gets fragments for a packet; if it doesn't get the first part, it
will not do anything with them.

See RFC-1858 for a discussion of some of the potential catches to
fragmentation and firewalls.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe hackers" in the body of the message
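The point the thread turns on is that only the fragment at offset zero carries the UDP/TCP header, so a firewall can read (and log) port numbers only there; on a later fragment the bytes at the transport-header position are mid-datagram payload, which is how ipfw came to print 14592 and 2. The following C is an added example, not ipfw's code and not the patch Archie posted: it parses an IPv4 header, decides whether ports are present, applies the two RFC 1858 checks (a first fragment too short to hold the transport header, and a TCP fragment at offset 1 that could overwrite the first fragment's flags on reassembly), and formats a log line that omits ports when none were read. The three packets are constructed, the log-line format is illustrative rather than ipfw's, and the 20-byte TCP minimum is this example's own, stricter, choice.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Verdict for one IPv4 datagram seen by a port-filtering firewall. */
enum frag_verdict {
    FRAG_BAD,       /* malformed or truncated; not a usable fragment */
    FRAG_FIRST,     /* offset 0 with a complete transport header: ports are real */
    FRAG_NONFIRST,  /* offset > 0: no transport header, so no ports to filter or log */
    FRAG_TINY       /* RFC 1858 tiny/overlapping fragment: transport header split off */
};

struct frag_info {
    unsigned proto;          /* IP protocol number */
    unsigned offset;         /* fragment offset in 8-byte units */
    int more_fragments;      /* MF flag */
    int have_ports;          /* 1 only when sport/dport were really read from the packet */
    unsigned sport, dport;
};

static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Minimum transport header a first fragment must carry before its ports (and,
 * for TCP, its flags) can be trusted.  20 bytes for TCP is this example's own
 * choice, stricter than the RFC 1858 minimum; 8 bytes is the full UDP header. */
static size_t min_transport_len(unsigned proto)
{
    return proto == 6 ? 20 : proto == 17 ? 8 : 0;
}

enum frag_verdict parse_fragment(const uint8_t *pkt, size_t len, struct frag_info *fi)
{
    memset(fi, 0, sizeof *fi);
    if (len < 20 || (pkt[0] >> 4) != 4)
        return FRAG_BAD;
    size_t ihl = (pkt[0] & 0x0f) * 4u;
    size_t total = be16(pkt + 2);
    if (ihl < 20 || total < ihl || total > len)
        return FRAG_BAD;

    unsigned flagsoff = be16(pkt + 6);      /* 3 flag bits + 13-bit offset */
    fi->proto = pkt[9];
    fi->offset = flagsoff & 0x1fff;
    fi->more_fragments = (flagsoff & 0x2000) != 0;
    size_t payload = total - ihl;

    if (fi->offset != 0) {
        /* RFC 1858: a TCP fragment at offset 1 overlaps the first fragment's
         * flags on reassembly; treat it like a tiny-fragment attack. */
        if (fi->proto == 6 && fi->offset == 1)
            return FRAG_TINY;
        return FRAG_NONFIRST;   /* bytes at ihl are mid-datagram data, not ports */
    }
    if (payload < min_transport_len(fi->proto))
        return fi->more_fragments ? FRAG_TINY : FRAG_BAD;
    if (fi->proto == 6 || fi->proto == 17) {
        fi->sport = be16(pkt + ihl);
        fi->dport = be16(pkt + ihl + 2);
        fi->have_ports = 1;
    }
    return FRAG_FIRST;
}

/* ipfw-style log line (format is illustrative): ports only when have_ports is set. */
int format_log(const uint8_t *pkt, const struct frag_info *fi, char *buf, size_t n)
{
    const char *name = fi->proto == 6 ? "TCP" : fi->proto == 17 ? "UDP" : "IP";
    if (fi->have_ports)
        return snprintf(buf, n, "Deny %s %u.%u.%u.%u:%u %u.%u.%u.%u:%u", name,
                        pkt[12], pkt[13], pkt[14], pkt[15], fi->sport,
                        pkt[16], pkt[17], pkt[18], pkt[19], fi->dport);
    return snprintf(buf, n, "Deny %s %u.%u.%u.%u %u.%u.%u.%u Fragment = %u", name,
                    pkt[12], pkt[13], pkt[14], pkt[15],
                    pkt[16], pkt[17], pkt[18], pkt[19], fi->offset);
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t first_udp[] = {
    0x45, 0x00, 0x00, 0x24, 0x12, 0x34, 0x20, 0x00,   /* total 36, MF set, offset 0 */
    0x40, 0x11, 0x00, 0x00, 199, 170, 121, 15, 198, 161, 84, 2,
    0x00, 0x35, 0x00, 0x02, 0x00, 0x10, 0x00, 0x00,   /* UDP 53 -> 2, len 16 */
    1, 2, 3, 4, 5, 6, 7, 8 };
/* Non-first fragment at offset 29 whose leading payload bytes, misread as a
 * UDP header, give the bogus ports 14592 and 2 from the log line in the thread. */
static const uint8_t later_frag[] = {
    0x45, 0x00, 0x00, 0x1c, 0x12, 0x34, 0x00, 0x1d,   /* total 28, MF clear, offset 29 */
    0x40, 0x11, 0x00, 0x00, 199, 170, 121, 15, 198, 161, 84, 2,
    0x39, 0x00, 0x00, 0x02, 0xde, 0xad, 0xbe, 0xef };
/* First fragment carrying only 4 bytes of the UDP header: RFC 1858 tiny fragment. */
static const uint8_t tiny_frag[] = {
    0x45, 0x00, 0x00, 0x18, 0x12, 0x34, 0x20, 0x00,   /* total 24, MF set, offset 0 */
    0x40, 0x11, 0x00, 0x00, 199, 170, 121, 15, 198, 161, 84, 2,
    0x00, 0x35, 0x00, 0x02 };

int main(void)
{
    const uint8_t *pkts[] = { first_udp, later_frag, tiny_frag };
    size_t lens[] = { sizeof first_udp, sizeof later_frag, sizeof tiny_frag };
    for (size_t i = 0; i < 3; i++) {
        struct frag_info fi;
        char line[128];
        enum frag_verdict v = parse_fragment(pkts[i], lens[i], &fi);
        format_log(pkts[i], &fi, line, sizeof line);
        printf("verdict %d: %s\n", (int)v, line);
    }
    return 0;
}
```

A rule that matches on ports can therefore only ever see the first fragment; what a firewall does with FRAG_NONFIRST is a policy decision (drop them, as ipfw does unless told otherwise, or pass them and rely on the receiver discarding fragments whose first piece never arrives), while FRAG_TINY is the case RFC 1858 says to drop outright.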