Date: Sun, 12 Jan 2003 17:44:37 -0800
From: Bill Fumerola <billf@mu.org>
To: Luigi Rizzo <rizzo@icir.org>
Cc: Josh Brooks <user@mail.econolodgetulsa.com>, freebsd-net@FreeBSD.ORG
Subject: Re: ipfw rules - SYN w/o MSS, and ACK with 0 sequence number
Message-ID: <20030113014437.GI35166@elvis.mu.org>
In-Reply-To: <20030112101128.C10609@xorpc.icir.org>
References: <20030111163433.S78856-100000@mail.econolodgetulsa.com> <20030112101128.C10609@xorpc.icir.org>

On Sun, Jan 12, 2003 at 10:11:28AM -0800, Luigi Rizzo wrote:
> On Sat, Jan 11, 2003 at 04:40:53PM -0800, Josh Brooks wrote:
> ...
> > Second, it turns out that the default stream.c has ACK numbers of zero on
> > every packet. So although I realize that since ipfw is stateless I cannot
> > put in the _real_ fix (with ipfilter):
>
> ipfw has been stateful since early 2000, so you can implement
> exactly the same thing mentioned below in ipfw as well. Read the ipfw
> manpage for details

also, ipfw can match packets by ack#. i've used this as criteria for a
dummynet pipe rule in the past.

--
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message