> I was originally diverting udp packets heading to a particular port then
> I flushed the ipfw and tried:
>
> ipfw add 60000 divert 4422 ip all from any to any in
> and still no packets are received by recvfrom(). Would the port numbers
> matter for this case.
probably not but better check if you have any former rule which
matches fragments
luigi
> Alwyn
> [EMAIL PROTECTED]
>
>
>
>
>
> On Wed, 24 Jan 2001, Luigi Rizzo wrote:
>
> > it depends on what template do you use for matching.
> > the firewall acts before reassembly, so for the fragments you will
> > not be able to see the port numbers.
> >
> > cheers
> > luigi
> >
> > > I have been using divert sockets for a while sending small (< MTU) UDP
> > > packets and everything worked fine. Now that the UDP packets are larger
> > > (>MTU = 1500) and hence fragmentation is taking place there seems to be a
> > > problem. tcpdump tells me that the fragmented packets arrive but it seems
> > > that they are never diverted. I say this because after they are received
> > > recvfrom () never gets the packet. I've done things like play with the
> > > nbytes field of the recvfrom() fn. without any success. Any
> > > suggestions, I'm sure its something stupid.
> > >
> > >
> > > Alwyn
> > > [EMAIL PROTECTED]
> > >
> > >
> > >
> > >
> > >
> > > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > > with "unsubscribe freebsd-hackers" in the body of the message
> > >
> >
> >
>
>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
