https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216867

--- Comment #2 from Helge Oldach <free...@oldach.net> ---
(In reply to Mark Felder from comment #1)
Tested and works.

However the reass should come *before* the check-state as fragments (except the
first) don't include protocol and port numbers and thus cannot match
check-state anyway. We need to reassemble first, then check-state will do the
right thing. (It doesn't harm to implement as proposed, but we may save a few
cycles if we reass first.)

Furthermore, along the same line we should not only reassemble UDP but any IP
packet (including IPv6), which is also suggested by ipfw(8) manpage:

             Usually a simple rule like:

                   # reassemble incoming fragments
                   ipfw add reass all from any to any in

             is all you need at the beginning of your ruleset.

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Reply via email to