> I'm trying to set up some packet filtering, on a fairly primitive box. I can
> use it to get the value of a field at a particular offset, but am unable to
> calculate an offset to use - it has to be an explicit constant value.
>
> The IHL field in the IP header indicates the length of that header - so if,
> for instance, I need to get to the TCP destination port field within the
> packet, I should calculate the offset of it based upon the value of the IHL.
>
> So my question is, is it valid to reject packets which have an IHL value of
> something other than 5, since I can't find a way to index into packets with
> a different value?

The short answer is, yes it's valid. The question is, do you want to do it
or not?

It's okay to reject if you have determined that no IP packets containing
options will be permitted. Otherwise, that's not a good determining
factor. The real solution is to filter on header offsets from the TCP
Header and not IP.

A question to the group -- are there any firewalls / routers / 'anything
else that filters' that will allow you to choose offsets from the transport
header rather than the IP header?

--
chris kostick
CSC - Network Dude (official title, really. :)
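
An added example, not part of the original message: a Python sketch of why a constant-offset port check is only sound once IHL == 5 has been enforced, compared with reading the port relative to the transport header. The packets are constructed samples, and the function names and the blocked-port policy are hypothetical.

```python
import struct

FIXED_DPORT_OFFSET = 22  # 20-byte IP header + 2 bytes into TCP; correct only if IHL == 5

def ipv4_tcp_packet(dst_port, ip_options=b""):
    """Constructed IPv4 + TCP headers (checksums left zero, documentation addresses)."""
    assert len(ip_options) % 4 == 0 and len(ip_options) <= 40
    ihl = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20, 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + ip_options + tcp

def dport_fixed(pkt):
    """What a filter limited to constant offsets reads as the destination port."""
    return struct.unpack_from("!H", pkt, FIXED_DPORT_OFFSET)[0]

def dport_from_ihl(pkt):
    """Destination port located from the transport header (IHL * 4 bytes in)."""
    ihl = pkt[0] & 0x0F
    if ihl < 5:
        raise ValueError("invalid IHL")
    off = ihl * 4 + 2
    if len(pkt) < off + 2:
        raise ValueError("truncated packet")
    return struct.unpack_from("!H", pkt, off)[0]

def constant_offset_filter(pkt, blocked_port):
    """Hypothetical policy: reject IHL != 5 first, then test the fixed offset."""
    if pkt[0] >> 4 != 4 or pkt[0] & 0x0F != 5:
        return "drop"      # options present: the fixed offset would be wrong
    if pkt[9] != 6:
        return "accept"    # not TCP, so the port rule does not apply
    return "drop" if dport_fixed(pkt) == blocked_port else "accept"

if __name__ == "__main__":
    plain = ipv4_tcp_packet(23)
    with_opts = ipv4_tcp_packet(23, b"\x01\x01\x01\x00")  # NOP, NOP, NOP, EOL
    for name, pkt in (("IHL=5", plain), ("IHL=6", with_opts)):
        print(name, "fixed:", dport_fixed(pkt), "from IHL:", dport_from_ihl(pkt),
              "verdict:", constant_offset_filter(pkt, 23))
```

With IHL == 6 the fixed offset lands inside the option bytes, so the port rule alone would compare the wrong field; the IHL check is what keeps the constant-offset rule from being sidestepped.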