Date:      Tue, 13 Nov 2007 15:39:58 -0700
From:      Curby <curby.public@gmail.com>
To:        freebsd-ipfw@freebsd.org
Subject:   Fragmented Packet Reassembly and IPFW2
Message-ID:  <5d2f37910711131439x56bb2028maa40b0475feffde4@mail.gmail.com>

Hi, this is slightly off-topic as it relates to IPFW2 in Mac OS X (as
of Tiger, 10.4.x).

I've read that when a FreeBSD machine running IPFW2 receives a
fragmented TCP packet (and let's say that the machine itself is the
intended destination), the packet is reassembled before it gets to
IPFW2, and IPFW2 sees a single TCP packet.  Basically, the (first)
question is whether this is the case in OS X.

Next, and especially if reassembly occurs before the firewall, what is
the point of the frag flag in a rule body, e.g.:

add 04010 deny log  all from any to any frag in

Question 2 in a nutshell: what's the point of "frag" if frags are
already being reassembled?  Is this meant to reject incoming frags
that aren't reassembled by the kernel (i.e. crap traffic)?  I'm
actually using the exact rule above in my laptop firewall
configuration, and the only time I've seen it triggering is at a
conference's wifi network, where other clients would be sending
multicast frags to 224.0.0.251.  (If that's crap traffic, why would it
be rampant at that conference?)  Thanks!
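The `frag` semantics the question turns on, as an added example that is not part of the original mail: ipfw(8) documents `frag` as matching only fragments that are not the first fragment of a datagram, so the first piece (which still carries the TCP/UDP header) is handled by ordinary rules, while the later pieces, which have no transport header for port-based options to inspect, are what `frag` catches. All packets below are constructed; the 224.0.0.251 (mDNS) destination is the one the mail mentions.

```python
# Added example, not code from the original mail.  It decodes the IPv4 fields
# that govern fragment handling and mirrors the documented semantics of ipfw's
# "frag" keyword: it matches only fragments that are NOT the first fragment of
# a datagram (non-zero fragment offset).  Packets are constructed inline; the
# 224.0.0.251 destination (mDNS) echoes the mail.
import struct

IP_FLAG_MF = 0x1  # More Fragments bit of the 3-bit IPv4 flags field


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header (options ignored)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    return {"ihl": (ver_ihl & 0x0F) * 4, "total_len": total_len, "id": ident,
            "flags": flags_frag >> 13,
            "frag_offset": (flags_frag & 0x1FFF) * 8,  # stored in 8-byte units
            "proto": proto, "src": ".".join(map(str, src)),
            "dst": ".".join(map(str, dst))}


def classify_fragment(pkt: bytes) -> str:
    """Return 'unfragmented', 'first-fragment' or 'non-first-fragment'."""
    h = parse_ipv4_header(pkt)
    if h["frag_offset"] == 0:
        return "first-fragment" if h["flags"] & IP_FLAG_MF else "unfragmented"
    return "non-first-fragment"


def ipfw_frag_matches(pkt: bytes) -> bool:
    """True iff ipfw's 'frag' would match: only non-first fragments, which carry
    no TCP/UDP header, so port-based options in the same rule cannot match."""
    return classify_fragment(pkt) == "non-first-fragment"


def build_ipv4(src: str, dst: str, proto: int, ident: int, flags: int,
               offset: int, payload: bytes) -> bytes:
    """Constructed packet: IPv4 header + payload; checksum left at zero."""
    ip = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      (flags << 13) | (offset // 8), 64, proto, 0, ip(src), ip(dst))
    return hdr + payload


# Constructed samples: one whole UDP datagram, then the two pieces of a larger
# mDNS datagram split at a 1500-byte MTU (1480 payload bytes in the first piece).
PKT_WHOLE = build_ipv4("192.0.2.10", "224.0.0.251", 17, 0x1001, 0, 0, b"\x14\xe9" * 8)
PKT_FRAG0 = build_ipv4("192.0.2.10", "224.0.0.251", 17, 0x1002, IP_FLAG_MF, 0, b"A" * 1480)
PKT_FRAG1 = build_ipv4("192.0.2.10", "224.0.0.251", 17, 0x1002, 0, 1480, b"B" * 40)
```

Only PKT_FRAG1 would trip a rule like `deny log all from any to any frag in`; the first fragment and the whole datagram are evaluated by the rest of the ruleset as normal UDP packets.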


