--- Comment #2 from Helge Oldach <free...@oldach.net> ---
(In reply to Mark Felder from comment #1)
Tested and works.
However the reass should come *before* the check-state as fragments (except the
first) don't include protocol and port numbers and thus cannot match
check-state anyway. We need to reassemble first, then check-state will do the
right thing. (It doesn't harm to implement as proposed, but we may save a few
cycles if we reass first.)
Furthermore, along the same line we should not only reassemble UDP but any IP
packet (including IPv6), which is also suggested by ipfw(8) manpage:
Usually a simple rule like:
# reassemble incoming fragments
ipfw add reass all from any to any in
is all you need at the beginning of your ruleset.
You are receiving this mail because:
You are the assignee for the bug.
email@example.com mailing list
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"