From owner-freebsd-hackers Sun Aug 18 19:29:45 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id TAA06904 for hackers-outgoing; Sun, 18 Aug 1996 19:29:45 -0700 (PDT) Received: from whistle.com (s205m131.whistle.com [207.76.205.131]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id TAA06899 for ; Sun, 18 Aug 1996 19:29:43 -0700 (PDT) Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id TAA12332; Sun, 18 Aug 1996 19:29:12 -0700 (PDT) Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3) id sma012330; Sun Aug 18 19:28:57 1996 Received: (from archie@localhost) by bubba.whistle.com (8.6.12/8.6.12) id TAA26457; Sun, 18 Aug 1996 19:28:57 -0700 From: Archie Cobbs Message-Id: <199608190228.TAA26457@bubba.whistle.com> Subject: Re: ipfw vs ipfilter To: phk@critter.tfs.com (Poul-Henning Kamp) Date: Sun, 18 Aug 1996 19:28:56 -0700 (PDT) Cc: imp@village.org, jkh@time.cdrom.com, ugen@latte.worldbank.org, hackers@freebsd.org In-Reply-To: <6538.840379353@critter.tfs.com> from "Poul-Henning Kamp" at Aug 18, 96 04:42:33 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > >One of our paranoid villagers recently did a code review on ipfw. He > >said it was OK, but found a couple of problems. Specifically, the > >code lacked comments, there was a bug in the IP header fragment > >discarding code (if the offset was one, it would discard the fragment, > >but not when it was 2, it should properly discard the fragment for all > >offsets > 0 < the size of the headers), it assumed that the user > > This is a common mistake, only offset==1 needs to be discarded. Uh huh, and see RFC 1858 for a "proof." -Archie ___________________________________________________________________________ Archie L. Cobbs, archie@whistle.com * Whistle Communications Corporation