Hi, all I use IP filter v4.1.9(592) on Solaris 10 U8.
During testing, I observe that IPFilter will block the fragmented packets out of order when the server doesn't receive the first segment before any of others. Snoop packets are given as an example as the following: Packet 1 & 3 are dropped. Packet 2 & 4 are passed, but waiting for the later fragment. As a result of the packets dropping, ICMP of reassembly time exceeded packets are sent out finally. 1 0.00000 47.154.158.103 -> zcydsf874ha UDP IP fragment ID=10796 Offset=1480 MF=0 TOS=0x0 TTL=64 2 0.00025 47.154.158.103 -> zcydsf874ha UDP IP fragment ID=10796 Offset=0 MF=1 TOS=0x0 TTL=64 3 10.00706 47.154.158.103 -> zcydsf874ha UDP IP fragment ID=10797 Offset=1480 MF=0 TOS=0x0 TTL=64 4 0.00010 47.154.158.103 -> zcydsf874ha UDP IP fragment ID=10797 Offset=0 MF=1 TOS=0x0 TTL=64 5 6.89527 zcydsf874ha -> 47.154.158.103 ICMP Time exceeded (in reassembly) 6 0.00010 zcydsf874ha -> 47.154.158.103 ICMP Time exceeded (in reassembly) 7 0.00008 zcydsf874ha -> 47.154.158.103 ICMP Time exceeded (in reassembly) I come to consult if IPFilter later version supports automatically reassemble IP fragments, or any solution can help me to resolve such problem? thank you very much! P.S. current IP filter version: bash-3.00# ipf -V ipf: IP Filter: v4.1.9 (592) Kernel: IP Filter: v4.1.9 Running: yes Log Flags: 0 = none set Default: pass all, Logging: available Active list: 1 Feature mask: 0x107 Best regards Xiaohong Liu (Susan) Email: [email protected] Tele: +65 6510 7931/ESN 542 7931 "The author works for Telfonaktiebolaget L M Ericsson ("Ericsson"), who is solely responsible for this email and its contents. All inquiries regarding this email should be addressed to Ericsson. Nortel has provided the use of the nortel.com domain to Ericsson in connection with this email solely for the purpose of connectivity and Nortel Networks has no liability for the email or its contents. The web site for Ericsson is www.ericsson.com <http://www.ericsson.com/> ."
<<Blank Bkgrd.gif>>
