Date: Sun, 18 Aug 1996 19:28:56 -0700 (PDT) From: Archie Cobbs <archie@whistle.com> To: phk@critter.tfs.com (Poul-Henning Kamp) Cc: imp@village.org, jkh@time.cdrom.com, ugen@latte.worldbank.org, hackers@freebsd.org Subject: Re: ipfw vs ipfilter Message-ID: <199608190228.TAA26457@bubba.whistle.com> In-Reply-To: <6538.840379353@critter.tfs.com> from "Poul-Henning Kamp" at Aug 18, 96 04:42:33 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> >One of our paranoid villagers recently did a code review on ipfw. He > >said it was OK, but found a couple of problems. Specifically, the > >code lacked comments, there was a bug in the IP header fragment > >discarding code (if the offset was one, it would discard the fragment, > >but not when it was 2, it should properly discard the fragment for all > >offsets > 0 < the size of the headers), it assumed that the user > > This is a common mistake, only offset==1 needs to be discarded. Uh huh, and see RFC 1858 for a "proof." -Archie ___________________________________________________________________________ Archie L. Cobbs, archie@whistle.com * Whistle Communications Corporation
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608190228.TAA26457>