On Mon, Feb 02, 2004 at 10:48:08AM +0000, Steve Hill wrote:
> If fragmented packets do not lead to conntrack entries, how are their
> connections tracked? I was under the impression that fragmented packets
> were received by one NIC, defragged, pushed through all the netfilter code
> and then transmitted by another NIC (after being fragmented again if they
> are > MTU size)?
Yes, this is indeed the case. Whihc is not a contradiction to what
Jozsef said. They are defragmented before getting passed to conntrack,
and thus look exactly the same like unfragmented packets throughout the
network stack (until NF_IP_POST_ROUTING).
> Machines 1 and 3 are running the 2.4 kernel for me, but that shouldn't be
> important.
> Machine 2 is running 2.6.2rc2.
> I am making > MTU sized pings from machine 1 to machine 3 and machine 2 is
> showing the leak.
Are you running any netfilter / networking related patches? Anything
else special about the setup?
> - Steve Hill
> Senior Software Developer Email: steve@xxxxxxxxxxxx
--
- Harald Welte <laforge@xxxxxxxxxxxx> http://www.gnumonks.org/
============================================================================
Programming is like sex: One mistake and you have to support it your lifetime
signature.asc
Description: Digital signature
|