From: Joao Carlos Mendes Luis
Message-Id: <199802091603.OAA22008@gaia.coppe.ufrj.br>
Subject: Re: ipfw logs ports for fragments
In-Reply-To: <199802091228.KAA17319@gaia.coppe.ufrj.br> from Darren Reed at "Feb 9, 98 11:28:11 pm"
To: avalon@coombs.anu.edu.au (Darren Reed)
Date: Mon, 9 Feb 1998 14:03:58 -0200 (EDT)
Cc: marcs@znep.com, archie@whistle.com, jonny@coppe.ufrj.br, freebsd-hackers@FreeBSD.ORG

// > > Come to think of it, the latter approach would not be that hard
// > > since the kernel is doing this already for locally routed packets,
// > > that is, reassembling packet fragments in a fragment queue. Moreover,
// > > "most" packets don't get fragmentized. It would spread more ugliness
// > > into ip_input.c, but at least the behavior of the ipfw code would
// > > then be semantically correct...
// >
// > Reassembly sucks. If you have different parts of the fragment following
// > different paths, you lose bigtime. It probably violates any number of TCP
// > specs. I would have to think about it to decide if I hate it enough to
// > say it shouldn't be implemented at all or if there should just be a knob
// > to disable it.
// >
// > I think some of the Linux firewall code does reassembly, and there have
// > been numerous problems with it because of this. OTOH, some people also
// > like it because of this.
//
// Right. There are reasons that reassembly is done at "endpoints" rather
// than wherever it might be convenient.

I like the idea of packet reassembly at firewalling points. If it's
easy, I'd like to see a sysctl to force reassembly at ip_input.c.

I can't remember anything in the IP protocol that would disallow
reassembly in the routers, other than performance. Could you please
give examples?

Jonny

--
Joao Carlos Mendes Luis jonny@gta.ufrj.br
+55 21 290-4698 jonny@coppe.ufrj.br
Universidade Federal do Rio de Janeiro UFRJ/COPPE/CISI
PGP fingerprint: 29 C0 50 B9 B6 3E 58 F2 83 5F E3 26 BF 0F EA 67
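
The "different paths" objection quoted in this message, as an added example that is not part of the original thread and is not FreeBSD kernel code: a minimal fragment queue of the kind a reassembling firewall would need, fed once with every fragment of a datagram and once with the middle fragment missing because it was routed around the box. The names `frag_queue`, `frag_add` and `reassemble` and the sample fragments are hypothetical, constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_BLOCKS 8192                 /* 64 KB in 8-byte fragment units */
enum { FRAG_BAD = -1, FRAG_INCOMPLETE = 0, FRAG_COMPLETE = 1 };
struct frag_queue {                     /* state for one (src, dst, proto, id) */
    uint8_t  seen[MAX_BLOCKS];          /* 8-byte blocks that have arrived */
    uint32_t total;                     /* blocks in datagram; 0 until MF=0 seen */
};

/* ip_off: host-order flags+offset field; len: payload bytes after the IP header */
int frag_add(struct frag_queue *q, uint16_t ip_off, uint16_t len)
{
    uint32_t first = ip_off & 0x1fff, n = (len + 7u) / 8u, i;
    int more = (ip_off & 0x2000) != 0;  /* MF (more fragments) bit */
    if (len == 0 || (more && len % 8) || first + n > MAX_BLOCKS)
        return FRAG_BAD;                /* only the last fragment may be unaligned */
    if (!more && q->total && q->total != first + n)
        return FRAG_BAD;                /* conflicting "last" fragments */
    if (!more)
        q->total = first + n;
    if (q->total && first + n > q->total)
        return FRAG_BAD;                /* data beyond the declared end */
    memset(q->seen + first, 1, n);
    for (i = 0; i < q->total; i++)
        if (!q->seen[i])
            return FRAG_INCOMPLETE;     /* hole: keep waiting, or time out */
    return q->total ? FRAG_COMPLETE : FRAG_INCOMPLETE;
}

/* Feed the fragments this box saw, in order; return the final queue status. */
int reassemble(const uint16_t frags[][2], size_t count)
{
    static struct frag_queue q;
    int st = FRAG_INCOMPLETE;
    memset(&q, 0, sizeof q);
    for (size_t i = 0; i < count && st == FRAG_INCOMPLETE; i++)
        st = frag_add(&q, frags[i][0], frags[i][1]);
    return st;
}

/* Constructed sample: 4000-byte payload, MTU 1500 -> 1480 + 1480 + 1040 bytes. */
static const uint16_t ONE_PATH[3][2]   = { {0x2000 | 0, 1480}, {0x2000 | 185, 1480}, {370, 1040} };
static const uint16_t SPLIT_PATH[2][2] = { {0x2000 | 0, 1480}, {370, 1040} };  /* middle went elsewhere */
int main(void)
{
    printf("one path: %d, split path: %d\n", reassemble(ONE_PATH, 3), reassemble(SPLIT_PATH, 2));
    return 0;
}
```

With the split-path input the queue never reaches `FRAG_COMPLETE`, so the box must hold that state until a timeout and then drop or forward the fragments it has.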