On 17-Jan-2001 Andi Kleen wrote:
> 
> Connection tracking always defrags as needed.
> masquerading/NAT/iptables with connection tracking uses that.
> 
> This means that if any of these are enabled and your machine acts
> as a router lots of CPU could get burned in defragmentation, and
> packets will not be forwarded until all fragments arrived.

Hmm... ok, what if I'm on a single NIC system using ipchains on the
input and want to always defrag before they hit the ipchains
filter, what settings would I need? No masq., no NAT. (bearing in
mind that ipchains differentiates between SYN+frag and noSYN+frag.)

> 
> All very nasty, but unfortunately there is no alternative.
> 

Nasty but necessary. Such is life.

-tony


---
E-Mail: Tony Gale <[EMAIL PROTECTED]>
Isn't it nice that people who prefer Los Angeles to San Francisco live there?
                -- Herb Caen

The views expressed above are entirely those of the writer
and do not represent the views, policy or understanding of
any other person or official body.