Date:      Thu, 5 Nov 1998 19:44:38 -0800 (PST)
From:      Archie Cobbs <archie@whistle.com>
To:        robert+freebsd@cyrus.watson.org
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Amazing wonder packet Part 2.
Message-ID:  <199811060344.TAA20295@bubba.whistle.com>
In-Reply-To: <Pine.BSF.3.96.981105103648.5251A-100000@fledge.watson.org> from Robert Watson at "Nov 5, 98 10:42:10 am"

Robert Watson writes:
> I also raised the question: are packets ever queued after acceptance by
> ipfw such that they could be received later if the port is not yet bound?
> For example, suppose ipfw in a nascent or under-developed state accepts a
> packet, and then later named is started -- is it possible through any race
> conditions that the packet accepted earlier will make it to named later?

Unless you are using divert(4) rules, etc., all ipfw rules apply
"atomically" to each packet... there's no possibility of adding/removing
rules and applying of rules intersecting (reason: splnet()).
Also, ipfw does not hold on to any packets. The only possible
exception is a fragmented packet.. you could get one fragment,
then change a rule, then get another..

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
