Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 13 Nov 2007 23:45:01 -0700
From:      Curby <curby.public@gmail.com>
To:        freebsd-ipfw <freebsd-ipfw@freebsd.org>
Subject:   Fwd: Fragmented Packet Reassembly and IPFW2
Message-ID:  <5d2f37910711132245n3e699b57i1746594462725a09@mail.gmail.com>
In-Reply-To: <5d2f37910711132244w39e73eb0nb8d8ac460dd15fcd@mail.gmail.com>
References:  <5d2f37910711131439x56bb2028maa40b0475feffde4@mail.gmail.com> <opt1rk69dr4fjv08@nuclight.avtf.net> <5d2f37910711132244w39e73eb0nb8d8ac460dd15fcd@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Julian and Vadim, thank you both for your replies.  Here's a really old quote:

"The ip_input() routine in the kernel then dequeues the packet,
performs sanity checks on the packet and determines the destination
for the packet. If the destination is the local computer, the kernel
will perform packet reassembly. "

from http://usenix.net/events/bsdcon02/full_papers/lidl/lidl_html/index.html

Also, this poster is less sure but suggests that this might happen:
http://osdir.com/ml/freebsd.isp/2003-02/msg00091.html

I also think that Linux iptables only sees reassembled packets (at
least some of the time, e.g. when it is legitimate traffic destined
for the host itself), so this isn't altogether wild and crazy.

If in fact reassembly does not happen, I should remove that rule as
frags will likely not match using a check-state rule because they lack
tcp/udp header information.  Is there a way in ipfw to allow frags
that claim to be related to a known-good first frag but drop others?
Something like check-state but for fragments 1 and above, in other
words.

The odd thing is that I didn't see any dropped packets in my logs or
notice any disrupted traffic (e.g. in a web browser) before this
conference, where frags were suddenly flying all over.  Thanks again
for your help!

--Mike



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5d2f37910711132245n3e699b57i1746594462725a09>