-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Julian" == Julian Anastasov <ja@xxxxxx> writes:
>> I think you are missing what I am saying.
>> Yes, it was called in the local delivery code, but is no longer.
>> Our experience is that some aspect of compiling netfilter into a kernel
>> (not necessarily with conntrack on) causes ip_defrag() to get called
before
>> local delivery.
Julian> I don't see where is the problem. There is always someone that
Julian> calls ip_defrag before the protocols, the last one is
Julian> ip_input.c:ip_local_deliver() if it is still not called. So, remains
Julian> the issue with the linearization and the checksums.
It used to be that someone always did linearization of skbuff. This is the
problem - this changed unilaterally. We would, of course, be happy to
integrate our code into the kernel, once the kernel source are moved to a
free country.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
iQCVAwUBPBT4RoqHRg3pndX9AQF5kgP7Bq8rIu0lp1l5zm63HYspGCuzizBy+Dof
pUyRTsLvBoYqFpbxo5FNntFv+Ku5SsH/5kurDcWqtMZzxp+phIgupbJuP7CGUiQc
FjlzWzCK+jItkeswNMwBtWX2EWRZVNqolVMmHoNdNEL/soL56FehXTshj7NvBulX
np9vzYMmOFE=
=OfoA
-----END PGP SIGNATURE-----
|