ipfw tcpopt_match and m_pullup()

2011-03-23 Thread Karim Fodil-Lemelin
Hi, This is something that came up at work. While the ipfw code makes sure the tcp header is contiguous in ipfw_chck by calling PULLUP_TO, the code does not guarantee 'contiguousity' of the TCP option space. This means that code that walks the option space in ipfw (namely tcpopts_match) could

About IPFW in-kernel NAT nat loopback

2011-03-23 Thread Özkan KIRIK
Hi, I wanna share my experiences about ipfw in-kernel nat problems with you. When a packet injects into ipfw in-kernel nat more than once, operating systems behave abnormally. Let's inspect the ruleset below: ipfw table 12 add 10.0.14.1/32 33 ipfw table 13 add X.Y.128.30/32 33 ipfw nat 33 confi