From owner-freebsd-hackers Tue May 6 19:41:25 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id TAA25431 for hackers-outgoing; Tue, 6 May 1997 19:41:25 -0700 (PDT)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA25422 for ; Tue, 6 May 1997 19:41:21 -0700 (PDT)
Message-Id: <199705070241.TAA25422@hub.freebsd.org>
Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA003522638; Wed, 7 May 1997 12:37:18 +1000
From: Darren Reed
Subject: Re: divert still broken?
To: archie@whistle.com (Archie Cobbs)
Date: Wed, 7 May 1997 12:37:18 +1000 (EST)
Cc: danny@panda.hilink.com.au, zbs@softec.sk, freebsd-hackers@FreeBSD.ORG
In-Reply-To: <199705062316.QAA20953@bubba.whistle.com> from "Archie Cobbs" at May 6, 97 04:16:26 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

In some mail from Archie Cobbs, sie said:
>
> Ah, now I see.. remembering that FO is stored in bytes/8 (as you pointed
> out), it's not possible for a UDP header to be split across fragments
> in any way (since it's only 8 bytes long)... correct?

Tell me, what does ipfw do with a packet that says "more fragments" but
the packet has no data (i.e. _no_ header at all), and is UDP?

Best thing, I think for ipfw to do, is drop any packets where the header(s)
are split across multiple packets (i.e. aren't all in the one you have).

Aside from that, UDP isn't an issue. I don't recall ipfw doing any ICMP
filtering to worry about that.
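
The drop rule proposed in the message above, written out as a per-packet check. This is an added example, not ipfw source and not code from anyone in the thread; `frag_verdict` and `sample_verdict` are hypothetical names, the sample packets are constructed, and the TCP case (20-byte minimum header) goes beyond the UDP case the mail discusses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PASS = 0, DROP = 1 };
#define IP_MF      0x2000u   /* "more fragments" flag */
#define IP_OFFMASK 0x1fffu   /* fragment offset, in units of 8 bytes */

/* Verdict for one IPv4 packet as seen on the wire (no reassembly). */
int frag_verdict(const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4) return DROP;
    size_t hlen = (size_t)(p[0] & 0x0f) * 4;
    size_t tot  = ((size_t)p[2] << 8) | p[3];
    if (hlen < 20 || tot < hlen || tot > len) return DROP;

    unsigned frag = ((unsigned)p[6] << 8) | p[7];
    size_t off  = (size_t)(frag & IP_OFFMASK) * 8;     /* offset in bytes */
    size_t data = tot - hlen;                          /* payload in this packet */
    size_t need = p[9] == 17 ? 8 : p[9] == 6 ? 20 : 0; /* UDP, TCP minimum */

    if (off == 0)                          /* first (or only) fragment */
        return data < need ? DROP : PASS;  /* header absent or cut short */
    return off < need ? DROP : PASS;       /* fragment lands inside the header */
}

/* Build a constructed sample packet (20-byte IP header) and return its verdict. */
int sample_verdict(uint8_t proto, uint16_t frag, size_t data)
{
    uint8_t b[128];
    memset(b, 0, sizeof b);
    b[0] = 0x45;                           /* IPv4, IHL = 5 */
    b[2] = (uint8_t)((20 + data) >> 8);    /* total length */
    b[3] = (uint8_t)(20 + data);
    b[6] = (uint8_t)(frag >> 8);           /* flags + fragment offset */
    b[7] = (uint8_t)frag;
    b[9] = proto;
    return frag_verdict(b, 20 + data);
}

int main(void)
{
    printf("UDP, MF set, no data:    %s\n", sample_verdict(17, IP_MF, 0) ? "drop" : "pass");
    printf("UDP, MF set, 8 bytes:    %s\n", sample_verdict(17, IP_MF, 8) ? "drop" : "pass");
    printf("UDP, offset 1, 16 bytes: %s\n", sample_verdict(17, 1, 16) ? "drop" : "pass");
    printf("TCP, offset 1, 16 bytes: %s\n", sample_verdict(6, 1, 16) ? "drop" : "pass");
    return 0;
}
```

Because the offset counts 8-byte units, a non-first UDP fragment always starts at or past the end of the 8-byte header, so only the first-fragment length test can fire for UDP.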