Problems with IP fragments
Lev Serebryakov
lev at FreeBSD.org
Tue Feb 10 10:49:31 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 10.02.2015 00:21, Andre Albsmeier wrote:
> The ipfw man page says:
>
> Usually a simple rule like:
>
> # reassemble incoming fragments ipfw add reass all from any to any
> in
>
> is all you need at the beginning of your ruleset.
>
> However, I could never make this work. It eats all fragments but
> the resulting final packet never makes it. I am back to
>
> ipfw -q add 1 pass udp from any to $myip frag in recv $ifc
>
> as I need it only for UDP. Frag reassembly in pf works well on the
> other hand...
reass works for me, but kills all IPv6 packets, so it should be "reass
ip4 from any to any in [recv $iface]"
- --
// Lev Serebryakov AKA Black Lion
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQJ8BAEBCgBmBQJU2eIyXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF
QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePBe8P/3DNcYMcf/2jwKEQjV+FFdd9
p9p/SVbsHlXAW1TyMXQWua+gBVFCdz+Ks1ff4F7cg/g1b24GOkmNzmzvgZRQ4cbt
4hHn8exNNPvJg/9/UzXfB73f6VPihRqeMA6qknLtf9B2zMOYvahMSDqOslUQmR89
HoMkuirVNNN8GMKIrWLYN1y/cuN0WPRuQXj/XRaKPY+WRMsO/i0hD52X7Ac5WaJn
+gT6lQR6ujPtTtk3nlYwgWup1YIdfaizRXE6VYBlapAof/jghCKSDu3NYLbcr0wy
qlnKrUVlJ7dpTzmYCvmRY9Sifs8+WYCX69TFlDf+1YaDb0878uG51mmy6kNWwbmU
nGdj1gxgZuqtZ9DW7Q0x0wsg4gEGOIXCodz4/7q//TvU0w97Wu/SQIhtjleY7b62
VKoFXbmiOe3HP/LigJC/mQ6CJyAPeKi5qDot6FNflpTWW+RYY0GCJQW7j0BcCTRo
UxdoqQ2/sdvc01PLDIfI9pwO1HEJxzEBv52aKPN2KTtWDSV5sqzJECIGRwVRrs99
xfc0IlKNEFrmfODcRHqXlIzXi50ccTL7f/OCofQdj5lml8wWnPkSULmyTtbjq4gQ
Nm1qkDqnG8P7D4Yj84YX7zjfDTdjXX7ag1jxjw3djVQ+LohfB2VxWxNBtFM2lDx+
weZoCcbAaaJO7rPL3GdF
=vz5c
-----END PGP SIGNATURE-----
More information about the freebsd-net
mailing list