On Thursday 2009-07-23 08:40, Giacomo wrote:
>
>Starting from NF_IP_PRE_ROUTING, where destination NAT and
>de-masquerading takes place, do the packets arrive fragmented - and
>netfilter takes care of the fragments - or do they arrive already
>reassembled from the IP stack?
>
>In the first case, what is, generally speaking, the technique
>adopted to track fragmented IP packets and assign each of them to
>the correct flow?

Connection tracking does not care about packets or their fragment
bits per se. Because it reads out the layer-4 header (TCP/etc.)
however, it defragments packets for simplicity.

>In the second case, if I register with netfilter NF_IP_PRE_ROUTING
>hook, which is the correct "priority"
>to assign during registration to receive packets already reassembled?

Before NF_IP_PRI_CONNTRACK_DEFRAG.
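
Added example (not part of the original message and not netfilter code): a userspace C model of how hook priority decides whether a PRE_ROUTING hook sees individual fragments or the reassembled datagram. Netfilter calls hooks in ascending priority order and NF_IP_PRI_CONNTRACK_DEFRAG is -400 in linux/netfilter_ipv4.h; `struct hook`, `traverse` and `observe` are hypothetical names, and fragments are assumed to arrive in order.

```c
#include <stdio.h>
#include <stdlib.h>

/* Value from linux/netfilter_ipv4.h; hooks run in ascending priority order. */
#define NF_IP_PRI_CONNTRACK_DEFRAG (-400)

/* Hypothetical model of one registered PRE_ROUTING hook. */
struct hook { int prio; int is_defrag; int frags_seen; int whole_seen; };

static int by_prio(const void *a, const void *b) {
    const struct hook *x = a, *y = b;
    return (x->prio > y->prio) - (x->prio < y->prio);
}

/* Pass one packet down the sorted chain. */
static void traverse(struct hook *h, int n, int is_frag, int last_frag) {
    for (int i = 0; i < n; i++) {
        if (h[i].is_defrag) {
            if (is_frag && !last_frag)
                return;          /* fragment queued; later hooks never see it */
            is_frag = 0;         /* reassembled datagram continues down the chain */
        } else if (is_frag) {
            h[i].frags_seen++;
        } else {
            h[i].whole_seen++;
        }
    }
}

/* Send one datagram split into nfrags in-order fragments (constructed input)
 * past an observer hook at priority prio; return the observer's counters. */
static struct hook observe(int prio, int nfrags) {
    struct hook chain[2] = {
        { prio, 0, 0, 0 },
        { NF_IP_PRI_CONNTRACK_DEFRAG, 1, 0, 0 },
    };
    qsort(chain, 2, sizeof chain[0], by_prio);
    for (int f = 0; f < nfrags; f++)
        traverse(chain, 2, nfrags > 1, f == nfrags - 1);
    return chain[0].is_defrag ? chain[1] : chain[0];
}

int main(void) {
    int prios[] = { NF_IP_PRI_CONNTRACK_DEFRAG - 50, NF_IP_PRI_CONNTRACK_DEFRAG + 50 };
    for (int i = 0; i < 2; i++) {
        struct hook o = observe(prios[i], 3);
        printf("prio %d: %d fragments, %d whole\n", o.prio, o.frags_seen, o.whole_seen);
    }
    return 0;
}
```

A hook that runs ahead of the defragmentation hook cannot rely on a layer-4 header being present in every packet it inspects.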