Hi, Julian:
Do you know this code in ip_fw.c?
#define BRIDGED (cookie == &bridgeCookie)
hlen = ip->ip_hl << 2;
Is this cause bridging fwd or divert problem? If so, how can we change it
for bridging ipfw fwd or divert?
Thanks.
**
Henry Su *
NTT MCL *
***
but of course divert doesn't work with bridging (which you are doing)
On Sun, 30 Dec 2001, Henry Su wrote:
>
> Is it possible to use ipfw provide packet header details to a user program
> for authentication? Any clue will be greatly appreciated.
>
>
> **
> Henry Su *
> NTT M
On Sun, 30 Dec 2001, Randall Stewart wrote:
> > Heh, you nailed the reverse of the problem we've seen: Right now the easy
> > way to cause exhaustion is to fill up _send_ buffers, via netkill. I
> > guess if we solve that problem, out of order segments could be used for an
> > attack too.
> >
Mike Silbersack wrote:
>
> On Wed, 26 Dec 2001, Randall Stewart wrote:
>
> > This comment facinates me. The reason we made SACK's in SCTP
> > revokeable is due to the potential DOS attack that someone
> > can supposedly lauch if you don't allow the stack to revoke.
> >
> > I can actually see the
Is it possible to use ipfw provide packet header details to a user program
for authentication? Any clue will be greatly appreciated.
**
Henry Su *
NTT MCL *
**
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the me
