On Sun, May 27, 2007 at 10:45:02PM +0000, Darren Reed wrote:

>  If you replace them all with the same check as above, does it still
>  work properly for you?

I will try this.

>  I'm a little bit surprised that you got away with just one...

The second case fixes the ports inside the embedded TCP/UDP header.
Judging from how NetBSD handles NEEDFRAG messages, this information
is simply ignored. I'd guess that Linux (running on the internet
host in my case), does the same.

The third case seems to handle ICMP error messages to ICMP messages.
Is that possible (except for ECHO) ? In case of ECHO I'd guess
that the contents of the answer is ignored as well.

But I think both checks should be corrected like the first one.

Greetings,
-- 
                                Michael van Elst
Internet: mlelstv@serpens.de
                                "A potential Snark may lurk in every tree."