Date: Mon, 9 Feb 1998 14:03:58 -0200 (EDT) From: Joao Carlos Mendes Luis <jonny@coppe.ufrj.br> To: avalon@coombs.anu.edu.au (Darren Reed) Cc: marcs@znep.com, archie@whistle.com, jonny@coppe.ufrj.br, freebsd-hackers@FreeBSD.ORG Subject: Re: ipfw logs ports for fragments Message-ID: <199802091603.OAA22008@gaia.coppe.ufrj.br> In-Reply-To: <199802091228.KAA17319@gaia.coppe.ufrj.br> from Darren Reed at "Feb 9, 98 11:28:11 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
// > > Come to think of it, the latter approach would not be that hard // > > since the kernel is doing this already for locally routed packets, // > > that is, reassembling packet fragments in a fragment queue. Moreover, // > > "most" packets don't get fragmentized. It would spread more ugliness // > > into ip_input.c, but at least the behavoir of the ipfw code would // > > then be semantically correct... // > // > Reassembly sucks. If you have different parts of the fragment following // > different paths, you lose bigtime. It probably violates any number of TCP // > specs. I would have to think about it to decide if I hate it enough to // > say it shouldn't be implemented at all or if there should just be a knob // > to disable it. // > // > I think some of the Linux firewall code does reassembly, and there have // > been numerous problems with it because of this. OTOH, some people also // > like it because of this. // // Right. There are reasons that reassembly is done at "endpoints" rather // than wherever it might be convienient. I like the idea of packet reassembly at firewalling points. If it's easy, I'd like to see a sysctl to force reassembly at ip_input.c. I can't remember anything in the IP protocol that would disallow reassembly in the routers, other than performance. Could you please give examples ? Jonny -- Joao Carlos Mendes Luis jonny@gta.ufrj.br +55 21 290-4698 jonny@coppe.ufrj.br Universidade Federal do Rio de Janeiro UFRJ/COPPE/CISI PGP fingerprint: 29 C0 50 B9 B6 3E 58 F2 83 5F E3 26 BF 0F EA 67 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199802091603.OAA22008>