Date: Sat, 27 Jan 2001 22:36:37 +0100
From: mouss <usebsd@free.fr>
To: Peter Pentchev <roam@orbitel.bg>
Cc: Archie Cobbs <archie@dellroad.org>, Alwyn Goodloe <agoodloe@gradient.cis.upenn.edu>, hackers@FreeBSD.ORG
Subject: Re: packet redirection design problem [Divert Sockets & Fragmentation revisited]
Message-ID: <01012722503600.00529@dades.chilali.net>
In-Reply-To: <20010127140602.B328@ringworld.oblivion.bg>
References: <Pine.SOL.4.21.0101252258280.9067-100000@gradient.cis.upenn.edu> <4.3.0.20010126202555.06e24350@pop.free.fr> <20010127140602.B328@ringworld.oblivion.bg>

The "defrag all" feature of Linux solves the discussed problem, but can be
improved. We do not need to defrag the packets. We just need to queue them,
and, when the first frag has been received, we only need to save the
information necessary for filtering (ip header stuff + ports for TCP/UDP and
other things for icmp or ....)

The algo might be something like:

- if packet is not frag, do as usual and skip the frag stuff
- find packet in fragments list
- if not found, create a new list
- if the list contains the info on the ports (I am restricting myself to
  tcp/udp for simplicity, but any kind of info may be used), then the
  packet is ready for filtering: the rule may be found and applied to the
  packet. We do not need to queue it.
    * if the packet is the last one, delete the list
    * if frag timeout, delete the list
- if not, then
    - if packet contains the info (first frag), then store it and find
      the filtering rule and apply it for all the packets queued in the list.
    - else, queue packet

So the code would be like the reassembly one, except that:

- packets are "delivered" (passed to filters and the rest of ip_input) when
  the first frag is received (I am assuming that the first frag contains the
  info necessary for filtering).
- to handle next frags, the info (ip header stuff and ports or so) is
  still kept in the list.

With this method, if fragments come in order, packets are never queued.
(Note that Linux is unfriendly here: it sends frags in reverse order...).

cheers,
mouss

On Sat, 27 Jan 2001, Peter Pentchev wrote:
>
> Hmm isn't this exactly the issue that's addressed in the Linux kernel
> by the 'always reassemble the whole packet before processing' config
> option? Wouldn't this be good/desired behavior?
>
> Or am I on crack - is FreeBSD already doing this? From this discussion
> I gather it's not..
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
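
Added example, not part of the original message and not FreeBSD code: a C sketch of the per-datagram fragment state described above. It goes one step further than the message by releasing state on a byte count instead of on the MF=0 fragment, so reverse-order arrival also cleans up. The struct frag view, byte-unit offsets, the port-80 rule, the table sizes and the 30-second timeout are assumptions; overlapping or duplicate fragments are not detected.

```c
#include <stdint.h>
#include <string.h>

#define MAXQ 8   /* fragments held per datagram (constructed limit) */
#define MAXD 16  /* datagrams tracked at once (constructed limit) */
#define TTL  30  /* seconds before incomplete state is dropped (assumed) */
struct frag {                 /* hypothetical parsed view of one IP packet */
    uint32_t src, dst; uint16_t id, off, len; uint8_t proto, mf;
    uint16_t sport, dport;    /* meaningful only when off == 0 */
};
struct dgram {
    int used, have_info, nq; struct frag key, q[MAXQ];
    uint16_t sport, dport; uint32_t total, got, born;
};
static struct dgram tab[MAXD];
/* Hypothetical rule standing in for the firewall: pass only dport 80. */
static int rule(uint16_t dport) { return dport == 80; }
/* Returns 1 pass, 0 drop, -1 queued; out[0..*nout) are queued fragments
 * that the same verdict now applies to. */
int frag_input(const struct frag *f, uint32_t now, struct frag *out, int *nout)
{
    struct dgram *d = NULL, *spare = NULL;
    int v;
    *nout = 0;
    if (f->off == 0 && !f->mf) return rule(f->dport);   /* not a fragment */
    for (struct dgram *e = tab; e < tab + MAXD; e++) {
        if (e->used && now - e->born > TTL) e->used = 0; /* frag timeout */
        if (!e->used) { spare = e; continue; }
        if (e->key.src == f->src && e->key.dst == f->dst &&
            e->key.id == f->id && e->key.proto == f->proto) d = e;
    }
    if (!d) {                                   /* no list yet: create one */
        if (!(d = spare)) return 0;             /* table full: fail closed */
        memset(d, 0, sizeof *d);
        d->used = 1; d->key = *f; d->born = now;
    }
    d->got += f->len;
    if (!f->mf) d->total = (uint32_t)f->off + f->len;   /* last fragment */
    if (f->off == 0) {                          /* first fragment: has ports */
        d->have_info = 1; d->sport = f->sport; d->dport = f->dport;
        memcpy(out, d->q, (size_t)d->nq * sizeof *out);
        *nout = d->nq; d->nq = 0;
    }
    if (d->have_info) v = rule(d->dport);       /* verdict known: no queueing */
    else if (d->nq < MAXQ) { d->q[d->nq++] = *f; v = -1; }
    else v = 0;                                 /* queue full: fail closed */
    if (d->have_info && d->total && d->got == d->total) d->used = 0;
    return v;
}
```

Both the table and the per-datagram queue are bounded and fail closed, since unbounded fragment state is the usual resource-exhaustion risk in this kind of code.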