A general question about IP fragmented packets and netfilter

Good morning to all.

I would like to ask you about some points concerning IP fragmented
packets arriving on an interface and the way they are handled by the
netfilter modules, in particular what the situation is in the
netfilter hooks.

Starting from NF_IP_PRE_ROUTING, where destination NAT and
de-masquerading take place, do the packets arrive fragmented - and
netfilter takes care of the fragments - or do they arrive already
reassembled from the IP stack?

In the first case, what is, generally speaking, the technique adopted
to track fragmented IP packets and assign each of them to the correct
flow?

In the second case, if I register with the netfilter NF_IP_PRE_ROUTING
hook, what is the correct "priority" to assign during registration to
receive packets already reassembled?

Thanks in advance.

Giacomo


-- 
Giacomo S.
http://www.giacomos.it

- - - - - - - - - - - - - - - - - - - - - -

* April 2008: iqfire-wall, an open source
  project that implements a network
  packet filter for Linux, is
  available for download here:
  http://sourceforge.net/projects/ipfire-wall

* Information and official web page:
  http://www.giacomos.it/iqfire/index.html

- - - - - - - - - - - - - - - - - - - - - -

 . ''  `.
:   :'    :
 `.  ` '
    `- Debian GNU/Linux -- The power of freedom
        http://www.debian.org
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
