* Gerhard Sittig wrote on Mon, May 29, 2000 at 19:12 +0200:
On Mon, May 29, 2000 at 12:36 +0200, Steffen Dettmer wrote:
* Gerhard Sittig wrote on Sun, May 28, 2000 at 22:24 +0200: [at this ident level]
I wasn't very clear it seems. I meant: When path MTU discovery (and obeying the gotten values, of course:) is a common technique, fragmentation shouldn't have to happen at all.
I cannot imagine that MTU discovery works through masquerading routers, since the ICMP would never reach the sender. Correct me if I'm wrong.
So I still feel that dropping fragmented packets in general to be a valid option.
Useing IPSec FreeS/WAN you would drop most packets, since they use internally a MTU around 16K IIRC, and a "re-fragmentation" occurs [AFAIK].
cycles and memory consumption) to me. Unless I got something wrong (confused some layers?) in which case I'm sure you tell me I did.
Well, maybe there're some (broken) implemtations without MTU discovery or with a buggy one. Maybe a Palm IIIx (don't know anything about it's IP stack, but it's a simple one)...
it's not so quite easy to drop too short packets I think. Telnet may send packets with just one byte date for instance.
By too short a packet I thought of "not having enough room to even contain a full IP header and whatever is the header of the layer above (TCP/UDP for ports, ICMP for types, etc). This doesn't touch the length of the payload for the application.
Well, so it would be simply malformed you mean? Isn't the linux kernel dropping such packets always? oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.