IP fragmentation with linux kernel 2.4.x

01-14-2004
Alain FORCIOLI

Hi,

I'm looking for information (URLs, documentation, etc.) that can confirm
the following Linux kernel behavior.

It seems that in case of IP fragmentation, Linux kernel 2.4.x starts to
send the last IP fragment first. I think it does it to get easier
calculation of the total IP packet length on the target side.

I have a firewall (commercial and proprietary) that doesn't accept
receiving the last fragmented packet first. So as I can't change this
firewall (sorry) I would like to know if I can modify this kernel
behavior.

Thanks for your help.

--
Alain FORCIOLI OpenPGP: 1024D/73855675

01-21-2004
Lew Pitcher

Alain FORCIOLI wrote:
> Hi,
>
> I'm looking for information (URLs, documentation, etc.) that can confirm
> the following Linux kernel behavior.
>
> It seems that in case of IP fragmentation, Linux kernel 2.4.x starts to
> send the last IP fragment first. I think it does it to get easier
> calculation of the total IP packet length on the target side.
>
> I have a firewall (commercial and proprietary) that doesn't accept
> receiving the last fragmented packet first. So as I can't change this
> firewall (sorry) I would like to know if I can modify this kernel
> behavior.


I'm certain that you can modify the Linux kernel so that it sends the first
fragment first. It's just a simple matter of programming: you have the kernel
source, so make the changes and recompile.

However, I'd be suspicious of your commercial, proprietary firewall, and would
replace it as soon as I could, if I were you. A firewall that refuses to work
with IP is one that may be faulty in other ways as well. FWIW, IP does not
guarantee the order of fragments under any circumstances, and an IP stack (such
as the one in your firewall) that demands ordered fragments is a broken IP
stack. Your firewall is broken; can you trust that it is doing its job properly?

> Thanks for your help.
>



--
Lew Pitcher

Master Codewright and JOAT-in-training
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.
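
The point made in the reply above, that IP never guarantees fragment order, shown as an added example (not code from the thread, the Linux kernel, or any firewall): a minimal C reassembler that accepts fragments in any order, including last-first. The names `struct reasm` and `reasm_add`, the reject-every-overlap policy, and the sample payload are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DGRAM 65535                /* upper bound on an IPv4 datagram */
#define MAX_UNITS (MAX_DGRAM / 8 + 1)  /* fragment offsets count 8-byte units */

struct reasm {
    uint8_t  data[MAX_DGRAM];
    uint8_t  seen[MAX_UNITS];  /* 1 = this 8-byte unit has arrived */
    uint32_t total;            /* payload length, 0 until the MF=0 fragment arrives */
    uint32_t max_end;          /* highest byte offset seen so far */
    uint32_t filled;           /* payload bytes stored so far */
};

/* Add one fragment. Returns 1 when the datagram is complete, 0 when more
 * fragments are needed, -1 when the fragment is malformed or inconsistent.
 * Rejecting every overlap is this example's policy choice (an assumption). */
int reasm_add(struct reasm *r, uint16_t off_units, int more_frags,
              const uint8_t *payload, uint16_t len)
{
    uint32_t start = (uint32_t)off_units * 8, end = start + len, u;
    if (len == 0 || end > MAX_DGRAM) return -1;
    if (more_frags && len % 8 != 0) return -1;   /* only the last may be ragged */
    if (r->total && end > r->total) return -1;   /* data past the known end */
    if (!more_frags && (r->total || end < r->max_end))
        return -1;                               /* second or misplaced "last" */
    for (u = start / 8; u < (end + 7) / 8; u++)
        if (r->seen[u]) return -1;               /* overlaps earlier data */
    for (u = start / 8; u < (end + 7) / 8; u++)
        r->seen[u] = 1;
    memcpy(r->data + start, payload, len);
    r->filled += len;
    if (end > r->max_end) r->max_end = end;
    if (!more_frags) r->total = end;             /* total length is now known */
    return r->total != 0 && r->filled == r->total;
}

int main(void)
{
    static struct reasm r;                               /* zero-initialised */
    static const uint8_t p[20] = "constructed-payload";  /* constructed sample */
    int a = reasm_add(&r, 2, 0, p + 16, 4);  /* last fragment first, as in the first post */
    int b = reasm_add(&r, 0, 1, p, 8);
    int c = reasm_add(&r, 1, 1, p + 8, 8);
    printf("%d %d %d total=%u\n", a, b, c, (unsigned)r.total);
    return 0;
}
```

The total length becomes known as soon as the MF=0 fragment arrives, whatever position it arrives in, and completeness depends only on coverage, not on arrival order.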
