Page MenuHomeFreeBSD
Differential D26021

ipfw: improve matching on IPv4 fragments
ClosedPublic
Actions

Authored by glebius on Aug 10 2020, 9:17 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, May 13, 10:16 PM
Unknown Object (File)
May 1 2024, 6:12 AM
Unknown Object (File)
May 1 2024, 6:12 AM
Unknown Object (File)
May 1 2024, 6:12 AM
Unknown Object (File)
May 1 2024, 12:51 AM
Unknown Object (File)
Mar 12 2024, 12:35 AM
Unknown Object (File)
Mar 12 2024, 12:35 AM
Unknown Object (File)
Mar 12 2024, 12:35 AM
View All 38 Files
Subscribers
imp
melifaro
network

Details

Reviewers
ae
Group Reviewers
manpages
Commits
rGe56b2f0b2804: MFC r364117 by glebius:
rS364117: ipfw: make the "frag" keyword accept additional options "mf",
Summary

Currently ipfw(8) allows to match on a packet being not a first fragment.
This prevents even such a simple rule as to block all fragmented packets.

This backward compatible enhancement allows to match explicitly on
IP_MF, IP_DF, even on IP_RF and on non-zero offset.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 32898
Build 30298: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sbin/
ipfw/
33 lines
20 lines
sys/
netpfil/
ipfw/
18 lines

Diff 75650

View Options

sbin/ipfw/ipfw.8

Loading...
View Options

sbin/ipfw/ipfw2.c

Loading...
View Options

sys/netpfil/ipfw/ip_fw2.c

Loading...