Hello all,
Suppose I want to have ip_forwarding on and still reassemble
packets on the firewall host (the default router to the organisation),
say to analyse the packets (ya, this is the sort of defragmenting router
alluded to in a comment in the function ip_rcv), will there be any
problems?
I see that the comment in the above function admonishes against doing this.
I wanted to know the rationale behind that. I feel that
it applies to a general internet router, but for a
specific router acting as a firewall for someone,
we can reassemble the fragments. Please correct me if
I am wrong.
I was going through RFC 791 and found these lines relevant
for my statements above.
"... The basic internet service is datagram oriented and provides for the
fragmentation of datagrams at gateways, with reassembly taking place
at the destination internet protocol module in the destination host.
Of course, fragmentation and reassembly of datagrams within a network
or by private agreement between the gateways of a network is also
allowed since this is transparent to the internet protocols and the
higher-level protocols. This transparent type of fragmentation and
reassembly is termed "network-dependent" (or intranet) fragmentation
and is not discussed further here. ..."
Thank you,
gopi
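
An added example, not part of the original post and not kernel code: a minimal reassembly buffer of the kind a firewall would fill before inspecting a datagram, matching fragments on the source, destination, protocol and identification fields that RFC 791 uses for reassembly. The struct layouts, the name `reasm_add`, the 2048-byte cap and the policy of rejecting overlapping or duplicate fragments are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>
#define MAX_DGRAM 2048   /* small cap chosen for the example */
/* Constructed, simplified view of one IPv4 fragment (not a kernel structure). */
struct frag {
    uint32_t src, dst;       /* source and destination address */
    uint16_t id;             /* Identification */
    uint8_t  proto;          /* Protocol */
    uint16_t off8;           /* Fragment Offset, in 8-byte units */
    int      mf;             /* More Fragments flag */
    const uint8_t *data;     /* payload following the IP header */
    uint16_t len;            /* payload length in bytes */
};

/* One reassembly buffer; zero-initialise it before the first fragment. */
struct reasm {
    int      used, have_last;
    uint32_t src, dst, total, maxend;
    uint16_t id;
    uint8_t  proto, buf[MAX_DGRAM], seen[MAX_DGRAM / 8];
};

/* Returns the payload length when the datagram is complete, 0 while fragments
 * are still missing, -1 when the fragment is rejected. */
int reasm_add(struct reasm *r, const struct frag *f)
{
    uint32_t start = (uint32_t)f->off8 * 8, end = start + f->len, b;
    if (!r->used) {
        r->used = 1; r->id = f->id; r->proto = f->proto;
        r->src = f->src; r->dst = f->dst;
    } else if (r->src != f->src || r->dst != f->dst ||
               r->id != f->id || r->proto != f->proto) {
        return -1;                       /* belongs to another datagram */
    }
    if (f->len == 0 || end > MAX_DGRAM) return -1;
    if (f->mf && f->len % 8) return -1;  /* only the last fragment may be ragged */
    if (r->have_last && (end > r->total || !f->mf)) return -1;
    if (!f->mf && end < r->maxend) return -1;  /* data already seen past this end */
    for (b = start / 8; b < (end + 7) / 8; b++)
        if (r->seen[b]) return -1;       /* overlap or duplicate: rejected here */
    memcpy(r->buf + start, f->data, f->len);
    memset(r->seen + start / 8, 1, (end + 7) / 8 - start / 8);
    if (end > r->maxend) r->maxend = end;
    if (!f->mf) { r->have_last = 1; r->total = end; }
    if (!r->have_last) return 0;
    for (b = 0; b < (r->total + 7) / 8; b++)
        if (!r->seen[b]) return 0;       /* a hole remains */
    return (int)r->total;
}
```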