From owner-freebsd-hackers  Wed Aug 23 00:18:48 1995
Return-Path: hackers-owner
Received: (from majordom@localhost)
          by freefall.FreeBSD.org (8.6.11/8.6.6) id AAA16060
          for hackers-outgoing; Wed, 23 Aug 1995 00:18:48 -0700
Received: (from phk@localhost)
          by freefall.FreeBSD.org (8.6.11/8.6.6) id AAA16049
          ; Wed, 23 Aug 1995 00:18:45 -0700
From: Poul-Henning Kamp <phk>
Message-Id: <199508230718.AAA16049@freefall.FreeBSD.org>
Subject: Re: IPFW and SCREEND
To: imp@village.org (Warner Losh)
Date: Wed, 23 Aug 1995 00:18:44 -0700 (PDT)
Cc: guido@gvr.win.tue.nl, peter@haywire.dialix.com,
        freebsd-hackers@FreeBSD.ORG
In-Reply-To: <199508222226.QAA11084@rover.village.org> from "Warner Losh" at Aug 22, 95 04:26:00 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Content-Length: 606       
Sender: hackers-owner@FreeBSD.ORG
Precedence: bulk

> 
> : Just throw away *every* fragment that has as its start byte a byte in
> : the TCP/IP header. (so smaller then 40)
> 
> That's the fix, but it isn't implemented yet in most Firewalls.

Actually, since all IP-nets SHALL transfer a minimum MTU of 576 (or 
thereabout), there is no reason to receive a fragment with an offset of less.

-- 
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
Just that: dried leaves in boiling water ?