Date:      Wed, 23 Aug 1995 03:50:44 +0800 (WST)
From:      Peter Wemm <peter@haywire.DIALix.COM>
To:        Gary Palmer <gary@palmer.demon.co.uk>
Cc:        Guido van Rooij <guido@gvr.win.tue.nl>, Warner Losh <imp@village.org>, freebsd-hackers@freebsd.org
Subject:   Re: IPFW and SCREEND 
Message-ID:  <Pine.SV4.3.91.950823034241.26171D-100000@haywire.DIALix.COM>
In-Reply-To: <8296.809119018@palmer.demon.co.uk>

On Tue, 22 Aug 1995, Gary Palmer wrote:
> In message <199508221903.VAA00693@gvr.win.tue.nl>, Guido van Rooij writes:
> >Just throw away *every* fragment that has as its start byte a byte in
> >the TCP/IP header. (so smaller than 40)
> 
> That'd be my opinion as well. Is there any DOCUMENTED & VALID reason
> for having a fragment start with a byte offset into the header?
> 
> Gary

Don't forget the IP options that may come before the tcp header...

You could put (say) 30 "NOP" options in the header, which would make the 
tcp header start at offset "50" rather than "20", and could use a 
fragment overlay starting above the "safe" cutoff of 40 bytes.

In order to be safe, you could not allow a fragment to start anywhere 
less than "sizeof(IP header) + sizeof(MAX IP options) + sizeof(TCP header)"

I presume Cisco handle that one too...

So, how big can an IP header be?   ip_hl = 4 bits.. What were 
the units again? 4 bytes?  If so, then the IP part of the header could be 
up to 16 * 4 = 64 bytes long...  You'd mainly need to protect your TCP 
port numbers (preventing a user from overlaying a "smtp" port header with 
"telnet"), so you'd need to toss *at least* anything with an offset of < 68...

-Peter
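
The cutoff rule discussed in this thread, as an added example (not part of the original message and not ipfw or screend code): a filter that drops any fragment whose start offset is nonzero and below a configurable cutoff. The names `frag_filter` and `make_frag`, the sample packet, and the choice to exempt offset 0 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { PASS = 0, DROP = 1 };

/* Start offset in bytes, from the IPv4 fragment-offset field: the low 13 bits
 * of header bytes 6-7, in units of 8, so starts are 0, 8, 16, ... */
static unsigned frag_start(const uint8_t *ip)
{
    return ((((unsigned)ip[6] & 0x1f) << 8) | ip[7]) * 8;
}

/* Hypothetical filter hook applying the thread's rule; cutoff is a parameter
 * because the messages propose two values, 40 and 68. */
enum verdict frag_filter(const uint8_t *ip, size_t len, unsigned cutoff)
{
    if (len < 20 || (ip[0] >> 4) != 4)
        return DROP;                     /* truncated or not IPv4 */
    unsigned hlen = (ip[0] & 0x0f) * 4;  /* ip_hl counts 32-bit words */
    if (hlen < 20 || hlen > len)
        return DROP;                     /* malformed header length */
    unsigned start = frag_start(ip);
    if (start == 0)   /* assumption: offset 0 (unfragmented or first fragment) */
        return PASS;  /* is left to the ordinary port rules */
    return start < cutoff ? DROP : PASS;
}

/* Constructed sample: 20-byte IPv4/TCP header with the requested start offset. */
void make_frag(uint8_t out[20], unsigned start_bytes)
{
    static const uint8_t base[20] = { 0x45, 0, 0, 40, 0x12, 0x34, 0, 0,
                                      64, 6, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2 };
    for (int i = 0; i < 20; i++) out[i] = base[i];
    out[6] = (uint8_t)((start_bytes / 8) >> 8);
    out[7] = (uint8_t)((start_bytes / 8) & 0xff);
}

int main(void)
{
    uint8_t p[20];
    for (unsigned off = 0; off <= 72; off += 8) {
        make_frag(p, off);
        printf("start %2u: cutoff 40 -> %s, cutoff 68 -> %s\n", off,
               frag_filter(p, 20, 40) ? "drop" : "pass",
               frag_filter(p, 20, 68) ? "drop" : "pass");
    }
    return 0;
}
```

With a cutoff of 40 a fragment starting at byte 48 passes, while a cutoff of 68 drops it. Because start offsets are multiples of 8, a cutoff of 68 rejects every later fragment that starts at or below byte 64.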


