On Saturday 2010-09-04 19:09, Nicola Padovano wrote: >then iptables (where TAR is my new target) >[IPTABLES] >iptables -t mangle -A PREROUTING -p tcp -s localhost -j TAR >[/IPTABLES] >(note: i use mangle table to have available PREROUTING hook, where the >packets are not yet defragmented) > >so hpinging in this way (-c = packets' number, -m = mtu in byte) >[HPING] >hping -m 4 -c 1 localhost >[/HPING] MTU=4 does not even make for a proper IPv4 packet, for which the minimum reasonable MTU would be the IPv4 header size. Plus perhaps at least part of the fragment, i.e. 24 octets. God knows what happens if you use MTU=4. An MTU of 4 >Now let's a look to output >[OUTPUT] >sk_buff len: 24 >!!!fragmented!!! >frag off: 0 > >sk_buff len: 24 >!!!fragmented!!! >frag off: 0 This might be the reply. >sk_buff len: 24 >!!!fragmented!!! >frag off: 1 > >sk_buff len: 24 >!!!fragmented!!! >frag off: 1 Also reply. >sk_buff len: 24 >!!!fragmented!!! >frag off: 2 Input only, and empty fragment. You ought to check the packet size. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
