Date: Thu, 22 Jul 2004 23:59:12 +0200
From: Max Laier <max@love2party.net>
To: freebsd-current@freebsd.org
Cc: othermark <atkin901@yahoo.com>
Subject: Re: fixing out of order first fragment processing?
Message-ID: <200407222359.23147.max@love2party.net>
In-Reply-To: <cdpbts$om0$1@sea.gmane.org>
References: <cdpbts$om0$1@sea.gmane.org>

On Thursday 22 July 2004 23:34, othermark wrote:
> Hi,
>
> This is one of those obscure, yet well known issues in FreeBSD,
> some network stacks, like Linux, send the udp/icmp fragment
> first (if multiple frags -- in reverse order), then the original
> packet with the header.
>
> In -current, we still cannot process this simple fragged icmp-echo
> request from a Linux host. For example, 'ping -c 1 -s 1500 <freebsd ip>'.
>
> FreeBSD discards the frag(s) and when it sees the initial packet with
> header waits for the frags.
>
> So two questions:
>
> 1. is there a gnats pr? I tried various searches with no success.
> 2. are there workarounds/patches?

Activation of pf with a
    scrub in on <interface> fragment reassemble
rule works as a workaround. In every case you have to decide if you want to
invest the required memory to store fragments, which might make you
easy/easier prey for DoS-attacks. Usually, for an average gateway the cost is
worth the gain (= increased security).

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200407222359.23147.max>
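
Added example, not part of the original message and not pf or FreeBSD code: a small Python model of the trade-off raised in the reply above, where a reassembler buffers fragments that arrive before the first one but caps and expires what it holds. The class name, the cap and timeout values, the 1500-byte MTU and the addresses are assumptions made for illustration.

```python
# Added example: model of IPv4 fragment reassembly with a bounded cache.
# MAX_FRAGS and FRAG_TIMEOUT are constructed values, not pf or FreeBSD defaults.
MAX_FRAGS = 8
FRAG_TIMEOUT = 30.0

class Reassembler:
    def __init__(self, max_frags=MAX_FRAGS, timeout=FRAG_TIMEOUT):
        self.max_frags, self.timeout = max_frags, timeout
        self.queue = {}    # (src, dst, proto, ip_id) -> {"seen", "parts", "total"}
        self.buffered = 0  # fragments currently held in memory
        self.dropped = 0   # fragments refused (cache full or empty payload)

    def _release(self, key):
        self.buffered -= len(self.queue.pop(key)["parts"])

    def feed(self, key, offset, more_frags, payload, now=0.0):
        """Store one fragment; return the full payload once complete, else None."""
        for old in [k for k, d in self.queue.items() if now - d["seen"] > self.timeout]:
            self._release(old)                 # expire stale, incomplete datagrams
        if not payload or self.buffered >= self.max_frags:
            self.dropped += 1                  # refuse instead of growing without bound
            return None
        dgram = self.queue.setdefault(key, {"seen": now, "parts": {}, "total": None})
        if offset not in dgram["parts"]:
            dgram["parts"][offset] = payload
            self.buffered += 1
        if not more_frags:                     # MF=0 marks the last fragment
            dgram["total"] = offset + len(payload)
        if dgram["total"] is None:
            return None
        # Complete only when the pieces cover [0, total) with no gap.
        # Overlapping fragments are not handled in this model.
        pos, out = 0, b""
        while pos < dgram["total"]:
            if pos not in dgram["parts"]:
                return None
            out += dgram["parts"][pos]
            pos += len(dgram["parts"][pos])
        self._release(key)
        return out

def demo_reverse_order():
    # 'ping -s 1500' over an assumed 1500-byte MTU: 1508 ICMP bytes split as 1480 + 28.
    r = Reassembler()
    key = ("192.0.2.1", "192.0.2.2", 1, 0x1234)   # constructed addresses and IP ID
    first = r.feed(key, 1480, False, b"B" * 28)   # trailing fragment arrives first
    second = r.feed(key, 0, True, b"A" * 1480)    # fragment with the ICMP header
    return first, second, r.buffered
```

With the cache full of unfinished datagrams, new fragments are refused until the timeout frees entries, which is the memory cost the reply asks you to weigh.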