From: Darren Reed
Message-Id: <200403021808.i22I87XN007054@caligula.anu.edu.au>
To: silby@silby.com (Mike Silbersack)
Cc: freebsd-security@freebsd.org
Date: Wed, 3 Mar 2004 05:08:07 +1100 (Australia/ACT)
In-Reply-To: <20040302113600.V12133@odysseus.silby.com> from "Mike Silbersack" at Mar 02, 2004 11:40:27 AM
Subject: Re: mbuf vulnerability

In some mail from Mike Silbersack, sie said:
>
> On Wed, 3 Mar 2004, Darren Reed wrote:
>
> > Uh, what did you test and what did you test with?
>
> FreeBSD 4.9 with ipf.
>
> > "strict" requires that the sequence number in packet n should match
> > what that sequence number of the last byte in packet n-1 - i.e. no
> > out of order delivery is permitted.
> >
> > Darren
>
> strict isn't in the ipf manpage, and ipf complains when I try using it.
>
> I did some more google searching which implies that "strict" is available
> in ipfilter 4.x, not the 3.x series that ships with FreeBSD.

Right, so your comment about it "not working" applies to 3.x (which is
what comes with FreeBSD, currently), which is what I was hoping :)

My comment was to say that with ipf4, you can address this problem.

darren
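
The in-order rule that the message above attributes to "strict", as an added example that is not part of the original post and is not ipfilter's code. It assumes "in order" means each segment must start exactly where the previous one ended; the structure and function names are hypothetical and the segments are constructed.

```c
#include <stdint.h>
#include <stdio.h>

struct strict_state {   /* hypothetical per-direction state for one TCP flow */
    uint32_t next_seq;  /* sequence number the next segment must start at */
    int primed;         /* 0 until the first segment has been seen */
};

struct segment {    /* hypothetical: only the fields the check needs */
    uint32_t seq;   /* sequence number of the first byte */
    uint32_t len;   /* payload length in bytes */
    int flags;      /* count of SYN/FIN flags; each consumes one sequence number */
};

/* Return 1 to pass, 0 to drop. State advances only when a segment passes. */
int strict_check(struct strict_state *st, const struct segment *sg)
{
    if (st->primed && sg->seq != st->next_seq)
        return 0;   /* gap, overlap or retransmission: not strictly in order */
    st->next_seq = sg->seq + sg->len + (uint32_t)sg->flags;  /* wraps mod 2^32 */
    st->primed = 1;
    return 1;
}

/* Constructed flow crossing the 32-bit wrap, with one segment ahead of sequence. */
static const struct segment sample[] = {
    {0xFFFFFF00u, 0,   1},  /* SYN: next expected 0xFFFFFF01 */
    {0xFFFFFF01u, 256, 0},  /* in order: next expected wraps to 0x00000001 */
    {0x00000001u, 100, 0},  /* in order after the wrap: next expected 0x65 */
    {0x00000500u, 100, 0},  /* leaves a gap: dropped, state unchanged */
    {0x00000065u, 100, 0},  /* in order again */
};

/* Run the sample through the check and count the dropped segments. */
int sample_dropped(void)
{
    struct strict_state st = {0, 0};
    int dropped = 0;
    for (size_t i = 0; i < sizeof(sample) / sizeof(sample[0]); i++)
        if (!strict_check(&st, &sample[i]))
            dropped++;
    return dropped;
}

int main(void)
{
    printf("dropped %d of 5 segments\n", sample_dropped());
    return 0;
}
```

Because a dropped segment never advances the expected sequence number, the sender's retransmission of the missing data is the only thing that lets the flow continue.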