Date: Mon, 29 Jan 2001 19:58:02 +0200 From: Ruslan Ermilov <ru@FreeBSD.ORG> To: Archie Cobbs <archie@dellroad.org> Cc: Alwyn Goodloe <agoodloe@gradient.cis.upenn.edu>, net@FreeBSD.ORG, Archie Cobbs <archie@FreeBSD.ORG> Subject: Re: ipfw message Message-ID: <20010129195802.B83844@sunbay.com> In-Reply-To: <200101291744.JAA20568@curve.dellroad.org>; from archie@dellroad.org on Mon, Jan 29, 2001 at 09:44:07AM -0800 References: <20010129105926.B27558@sunbay.com> <200101291744.JAA20568@curve.dellroad.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 29, 2001 at 09:44:07AM -0800, Archie Cobbs wrote: > Ruslan Ermilov writes: > > I think I have found a bug here. When the ``divert foo ... udp ...'' rule > > has no destination port specification, everything works as documented, i.e. > > all fragments are reassembled and get diverted to the divert(4) to port > > ``foo''. If I add the destination port specification, only the first > > (offset zero) fragment gets diverted: > > Yep.. diversion happens before reassembly, but diverted packets > are only delivered after reassembly. > > So if not all of the fragments are diverted, the packet is lost > because only an incomplete portion of it gets diverted. > > To "fix" this bug would require reassembling *all* (or a large > portion of the) packets passing through the kernel, which is probably > not a win. A workaround is to match conservatively (i.e., match > all udp packets) and have the userland code just reinject any > false positives. > Or add ``divert same-port udp from any to any frag''... Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010129195802.B83844>