well, they get the whole mbuf/mbloc/skbuf/whatever, but I itentionally
omitted these and only kept the receiving interface, for simplicity
and brevity.
My point of iew is that these are local matters and if there is a related
problem such as maliciousely fragmented packets, the stack must be fixed,
and once again, using ALGS on a safe stack prevent these from ausing any
harm.
regards,
mouss
Paul D. Robertson wrote
>
> On Mon, 22 May 2000, mouss wrote:
>
> > The only things that an IP filter gets that are not handed to
> an ALG are:
> > - the receiving network interface
> > - protocol headers
>
> Thisis erronious- filters also get fragments (including invalid fragments)
> and out-of-order TCP packets in received order.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
