]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 27f8f85) | patch
Alter ipfw's behavior with respect to fragmented packets when the packet
authorAlexander Langer <alex@FreeBSD.org>
Thu, 12 Feb 1998 00:57:06 +0000 (00:57 +0000)
committerAlexander Langer <alex@FreeBSD.org>
Thu, 12 Feb 1998 00:57:06 +0000 (00:57 +0000)
commitce78a1f6ddf1f786825373e44834c67e004293b7
tree7021031bd7a8c46094ab9e0af6b3644d8646c534tree | snapshot
parent27f8f85b7efbfb3847e39dd95ab0866cea85d974commit | diff
Alter ipfw's behavior with respect to fragmented packets when the packet
offset is non-zero:

  - Do not match fragmented packets if the rule specifies a port or
    TCP flags
  - Match fragmented packets if the rule does not specify a port and
    TCP flags

Since ipfw cannot examine port numbers or TCP flags for such packets,
it is now illegal to specify the 'frag' option with either ports or
tcpflags.  Both kernel and ipfw userland utility will reject rules
containing a combination of these options.

BEWARE: packets that were previously passed may now be rejected, and
vice versa.

Reviewed by: Archie Cobbs <archie@whistle.com>
sbin/ipfw/ipfw.8 diff | blob | history
sbin/ipfw/ipfw.c diff | blob | history
sys/netinet/ip_fw.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.