From owner-freebsd-hackers Wed Jan 24 15: 1:58 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from iguana.aciri.org (iguana.aciri.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id 85C7537B402 for ; Wed, 24 Jan 2001 15:01:40 -0800 (PST) Received: (from rizzo@localhost) by iguana.aciri.org (8.11.1/8.11.1) id f0ON1cX21729; Wed, 24 Jan 2001 15:01:38 -0800 (PST) (envelope-from rizzo) From: Luigi Rizzo Message-Id: <200101242301.f0ON1cX21729@iguana.aciri.org> Subject: Re: Divert Sockets & Fragmentation In-Reply-To: from Alwyn Goodloe at "Jan 24, 2001 6: 0:10 pm" To: agoodloe@gradient.cis.upenn.edu (Alwyn Goodloe) Date: Wed, 24 Jan 2001 15:01:38 -0800 (PST) Cc: rizzo@aciri.org, hackers@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > I was originally diverting udp packets heading to a particular port then > I flushed the ipfw and tried: > > ipfw add 60000 divert 4422 ip all from any to any in > and still no packets are received by recvfrom(). Would the port numbers > matter for this case. probably not but better check if you have any former rule which matches fragments luigi > Alwyn > agoodloe@gradient.cis.upenn.edu > > > > > > On Wed, 24 Jan 2001, Luigi Rizzo wrote: > > > it depends on what template do you use for matching. > > the firewall acts before reassembly, so for the fragments you will > > not be able to see the port numbers. > > > > cheers > > luigi > > > > > I have been using divert sockets for a while sending small (< MTU) UDP > > > packets and everything worked fine. Now that the UDP packets are larger > > > (>MTU = 1500) and hence fragmentation is taking place there seems to be a > > > problem. tcpdump tells me that the fragmented packets arrive but it seems > > > that they are never diverted. I say this because after they are received > > > recvfrom () never gets the packet. I've done things like play with the > > > nbytes field of the recvfrom() fn. without any success. Any > > > suggestions, I'm sure its something stupid. > > > > > > > > > Alwyn > > > agoodloe@gradient.cis.upenn.edu > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-hackers" in the body of the message > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message