Could somebody test out the attached patch on a -current machine?
I don't have one handy.
This patch allows the ng_ether(4) "lower" and "orphans" hooks to
be used simultaneously (see also PR kern/63317).
Thanks,
-Archie
__
A
Hi!
When a rule 'reset tcp' matches, the kernel generates a new TCP packet.
Will it have to go through ipfw list (from the beginning or not)?
Eugene Grosbein
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubsc
On Thu, May 13, 2004 at 05:00:47PM +0800, Eugene Grosbein wrote:
> Hi!
>
> When a rule 'reset tcp' matches, the kernel generates a new TCP packet.
> Will it have to go through ipfw list (from the beginning or not)?
ipfw2 uses an mbuf flag to bypass the firewall - I am not sure if i
only used it for t
Luigi Rizzo wrote:
> > When a rule 'reset tcp' matches, the kernel generates a new TCP packet.
> > Will it have to go through ipfw list (from the beginning or not)?
>
> ipfw2 uses an mbuf flag to bypass the firewall - I am not sure if i
> only used it for the keepalives or also for TCP reset packets
On Thu, May 13, 2004 at 05:31:46PM +0800, Eugene Grosbein wrote:
E> > > When a rule 'reset tcp' matches, the kernel generates a new TCP packet.
E> > > Will it have to go through ipfw list (from the beginning or not)?
E> >
E> > ipfw2 uses an mbuf flag to bypass the firewall - I am not sure if i
E> > on
On Thu, May 13, 2004 at 05:31:46PM +0800, Eugene Grosbein wrote:
> Luigi Rizzo wrote:
>
> > > When a rule 'reset tcp' matches, the kernel generates a new TCP packet.
> > > Will it have to go through ipfw list (from the beginning or not)?
> >
> > ipfw2 uses an mbuf flag to bypass the firewall - I am n
Luigi Rizzo wrote:
> > Please check. I suspect it does not enter ipfw itself,
>
> yes it does skip the firewall, see ip_fw2.c:send_pkt() near the
> end:
>
> ip_rtaddr(ip->ip_dst, &sro);
> --->m->m_flags |= M_SKIP_FIREWALL;
> ip_output(m, NULL, &sro, 0, NULL, NULL);
>
> remov
Dear networkers,
I'm looking for a Broadcom BCM5704[S] technical datasheet. If anyone has
such a beast, or knows how one could obtain it, please let me know.
Thanks in advance,
--
Ruslan Ermilov
[EMAIL PROTECTED]
FreeBSD committer
On Thu, May 13, 2004 at 05:55:05PM +0800, Eugene Grosbein wrote:
E> Please make it possible (using sysctl or any other means) to
E> disable M_SKIP_FIREWALL for such packets (I suppose 'unreach' rules
E> are affected too). I DO need to process ALL outgoing packets.
E> For example, I must use 'ipfw fw
On Thu, May 13, 2004 at 05:55:05PM +0800, Eugene Grosbein wrote:
...
> > removing the M_SKIP_FIREWALL would let ipfw process the
> > packet too. HOWEVER: i think it is a bug in the general case
> > to reprocess internally-generated packet, because you would rely
> > on a correct ipfw configuration
On Thu, May 13, 2004 at 06:48:56AM -0700, Luigi Rizzo wrote:
> 2.- all other firewall-generated TCP packets (rst and keepalives)
> go through send_pkt() and then bypass the firewall.
> The only way we could safely go through the firewall again is
> to make sure that we never send a RST in re
Hi all,
My setup :
--
FreeBSD hostname 4.10-PRERELEASE FreeBSD 4.10-PRERELEASE #2: Wed Apr 28
09:40:43 EST 2004
fxp0 : link to the outside world
fxp1 : link to LAN
fxp2 : link to DMZ
ipf firewall
ipnat for LAN and rdr for services.
--
I'm running tcpmssd to fix MSS:
/usr/local/bin/tcpmssd -p 100
I started a T/TCP connection and started sending packets. Client sent
first packet with SYN,data1,PSH,FIN. But server is sending SYN-ACK and
ignoring the data which is sent because of SYN-flood attack DOS protection.
Client had to send the data1 packet again. After this time, server is able
to