jared r r spiegel wrote:
> On Sat, Feb 04, 2006 at 12:59:41AM +0100, Jonas Davidsson wrote:
>> Pf does not seem to allow UDP packets destined for port 0 out, TCP packets 
>> to the same port pass without problems.
>> If nothing else, this breaks nmaps os-detection mode.
>>
>> with 'pass quick on em0'
>> [send_ip] sendto: No route to host
>>
>> with 'set skip on em0':
>> ICMP Port Unreachable from ip=192.168.1.10
>>
>> Is this intentional and if so, why?
> 
>   there are a couple 'uh.uh_dport == 0' tests in net/pf.c....
> 
>   as to why?
> 
>   a little googling around and the most appropriate post i could
>   find was a netbsd post from itojun [1] in which he asks
>   about the behaviour of dest port 0 being interpreted as 
>   undefined. 
> 
>   don't know if this is a good match for the reason, but
>   it seems plausible.  might find some info in libsa/net.c
>   too, but it's a bit too rich for my blood in there.
> 
> [1] - http://mail-index.netbsd.org/tech-net/2000/01/08/0000.html
> 
Thanks, though I don't see why this should be fixed (silently) by the firewall
instead of just having the OS patched to ignore such packets. Then again, that
might not even be the actual reason. In any case, thanks for your googling efforts. :)