(I didn't find this mentioned specifically in the HOWTO, so I hope I'm
not rehashing an old thread...)
In the application-specific IP Masq modules, it doesn't appear that any
special attention is paid to the fact that a masq module may be dealing
with an IP fragment as opposed to a whole packet. As an example, in the
RealAudio module masq_rtsp_out() (ip_masq_raudio.c, Linux 2.0.36), the
string-matching search appears to assume that the entire packet is
present -- that is, there is no provision for a partial string match,
where part of the string is in one fragment and the rest of the string
is in the next fragment.
What I'm wondering is:
(1) Are we definitely dealing only with whole packets at this
level of masq (and if so, where is the re-assembly handled?)?; or
(2) Is it just assumed that fragments won't be a problem, i.e., we
can safely assume that a string search, for example, won't span
multiple fragments?
It appears that a kernel option ALWAYS_DEFRAGMENT (or something like
that) can be set and is highly recommended, but it does not appear to
be *mandatory* (or am I mistaken?), meaning we *could* have fragments
passed to the app-specific modules, such as masq_rtsp_out(), as far as
I can tell.
Of course, it could be that I'm just dense and missed something...
Thanks,
- Vince
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
