Date: Tue, 13 Nov 2007 15:09:30 -0800
From: Julian Elischer <julian@elischer.org>
To: Curby <curby.public@gmail.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Fragmented Packet Reassembly and IPFW2
Message-ID: <473A2EAA.3090606@elischer.org>
In-Reply-To: <5d2f37910711131439x56bb2028maa40b0475feffde4@mail.gmail.com>
References: <5d2f37910711131439x56bb2028maa40b0475feffde4@mail.gmail.com>
Curby wrote:
> Hi, this is slightly off-topic as it relates to IPFW2 in Mac OS X (as
> of Tiger, 10.4.x).
>
> I've read that when a FreeBSD machine running IPFW2 receives a
> fragmented TCP packet (and let's say that the machine itself is the
> intended destination), the packet is reassembled before it gets to
> IPFW2, and IPFW2 sees a single TCP packet. Basically, the (first)
> question is whether this is the case in OS X.

I don't believe that happens in FreeBSD.. where did you hear that?

*adds looking at the code to 10,000 item list of things to do*

>
> Next, and especially if reassembly occurs before the firewall, what is
> the point of the frag flag in a rule body, e.g.:
>
> add 04010 deny log all from any to any frag in
>
> Question 2 in a nutshell: what's the point of "frag" if frags are
> already being reassembled? Is this meant to reject incoming frags
> that aren't reassembled by the kernel (i.e. crap traffic)? I'm
> actually using the exact rule above in my laptop firewall
> configuration, and the only time I've seen it triggering is at a
> conference's wifi network, where other clients would be sending
> multicast frags to 224.0.0.251. (If that's crap traffic, why would it
> be rampant at that conference?) Thanks!
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
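As an added illustration, not part of this thread or of ipfw's own code: a small Python decoder that shows which IPv4 header fields the ipfw `frag` keyword keys on (following the ipfw(8) description that `frag` matches fragments other than the first, i.e. fragment offset != 0) and why a later fragment carries no port information for a port-based rule to match. The sample packets are constructed here: a UDP datagram to 224.0.0.251 split into two fragments, with the checksum left zero.

```python
import socket
import struct

def build_ipv4(ident, mf, offset, proto, payload, src="192.0.2.10", dst="224.0.0.251"):
    """Build a minimal IPv4 header (no options) in front of payload.
    Constructed sample data only; the header checksum is left zero."""
    if offset % 8:
        raise ValueError("fragment offset must be a multiple of 8 bytes")
    flags_off = (0x2000 if mf else 0) | (offset // 8)   # MF flag + offset/8
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def fragment_info(pkt):
    """Decode the IPv4 fields a firewall consults for fragment handling."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    flags_off = struct.unpack("!H", pkt[6:8])[0]
    ihl = (pkt[0] & 0x0F) * 4
    return {
        "proto": pkt[9],
        "df": bool(flags_off & 0x4000),
        "mf": bool(flags_off & 0x2000),
        "offset": (flags_off & 0x1FFF) * 8,   # byte offset into the datagram
        "l4": pkt[ihl:],                      # bytes after the IP header
    }

def ipfw_frag_matches(info):
    """ipfw 'frag' (as described in ipfw(8)): only non-first fragments match."""
    return info["offset"] != 0

def ports_visible(info):
    """Only the first fragment (offset 0) carries the TCP/UDP header, so
    only there can a rule like 'from any to any 5353' see the ports."""
    return info["offset"] == 0 and info["proto"] in (6, 17) and len(info["l4"]) >= 8

def describe(pkt):
    info = fragment_info(pkt)
    if not info["mf"] and info["offset"] == 0:
        kind = "whole datagram"
    elif info["offset"] == 0:
        kind = "first fragment"
    else:
        kind = "later fragment"
    return kind, ipfw_frag_matches(info), ports_visible(info)

# Constructed sample: a 24-byte UDP datagram to 224.0.0.251 port 5353, sent
# whole and also split into two fragments (offsets must be multiples of 8).
UDP = struct.pack("!HHHH", 5353, 5353, 8 + 16, 0) + b"A" * 16
FRAGS = [build_ipv4(0x1234, True, 0, 17, UDP[:16]),    # first 16 bytes, MF set
         build_ipv4(0x1234, False, 16, 17, UDP[16:])]  # remaining 8 bytes
WHOLE = build_ipv4(0x1235, False, 0, 17, UDP)

if __name__ == "__main__":
    for p in [WHOLE] + FRAGS:
        print(describe(p))   # (kind, matched by 'frag', ports visible)
```

Only the second fragment is matched by `frag`, and it is also the one a port-based rule cannot classify; a rule like the one quoted above therefore only ever fires when fragments reach the firewall unreassembled.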