|Subject:||Re: IPv6 fragmentation and IPv6 header parsing|
|From:||Brad Chapman <kakadu@xxxxxxxxxxxxx>|
|Date:||Mon, 30 Jul 2001 13:21:00 -0400|
|User-agent:||Mozilla/5.0 (X11; U; Linux 2.4.7 i586; en-US; C-UPD: MaxLinux0301) Gecko/20001107 Netscape6/6.0|
Harald Welte wrote:
On Sun, Jul 29, 2001 at 08:55:18PM -0400, Brad Chapman wrote:
(if you get this, Mr. Harald, its because I mispelled `netdev' and deleted
the original message)
Well, okay. I thought about the possiblity of violating the RFCs, and at first
I stayed away from attempting to add IPv4-style fragment support. But, TBH, there
are really three different things that can be done with this issue:
1. Ignore all fragments, and NF_DROP fragmented packets. Period. This one is probably the most RFC-compliant.
2. Copy packets, hold originals, and push copies into connection tracking system.
This one sounds kludgy and bloaty and violates RFCs.
3. Rewrite _everything_ to deal with fragmented packets. TBH, that's scary.
If given a choice, and told that defragging/refragging packets on the fly violated
the RFCs, I would probably choose the first option above.
BTW, what about header chain parsing? Am I doing that right?
|<Prev in Thread]||Current Thread||[Next in Thread>|
|Previous by Date:||Re: IPv6 fragmentation and IPv6 header parsing, Harald Welte|
|Next by Date:||[PATCH] fix for netfilter/nat/pppoe crashes (hopefully), Marc Boucher|
|Previous by Thread:||Re: IPv6 fragmentation and IPv6 header parsing, Harald Welte|
|Next by Thread:||Re: IPv6 fragmentation and IPv6 header parsing, Brad Chapman|
|Indexes:||[Date] [Thread] [Top] [All Lists]|