RE: [suse-security] IP_ALWAYS_DEFRAG - Settings in /proc/*
Hi All,

thanks for the answers so far.

I have done a quick test; it seems to correspond with "Anders Johansson"'s email.

The /proc/sys/net/ipv4/ip_always_defrag setting matches the number of Masqueraded sessions I have open, using netstat -M.

Thanks
Steven

-----Original Message-----
From: Anders Johansson [mailto:anjo.modul1@telia.com]
Sent: 21 February 2001 01:11
To: Steven Thompson; SuSE security mailing list (E-mail)
Subject: Re: [suse-security] IP_ALWAYS_DEFRAG - Settings in /proc/*

After a quick grep through the kernel source, I think it is used internally as a sort of 'level indicator' to keep track of the number of tasks that have turned it on. All logical checks against it that I can find are for == 0 or != 0, so 6 would be the same as 1, i.e. 'on'.

HTH
Anders

On Wednesday 21 February 2001 11:37, Steven Thompson wrote:
Hi All
What is the possible setting for the following and what do they mean:
/proc/sys/net/ipv4/ip_always_defrag
I know "0" disables and "1" enables.
What does the value "6" mean for the above setting?
Where can I find a list explaining the meaning of the different settings?
Thanks in advance
Steven
The /proc/sys/net/ipv4/ip_always_defrag setting matches the number of Masqueraded sessions I have open. using netstat -M
Hmm... I guess there's more to it than just that. On my machine the current value is -12. Your explanation wouldn't allow for negative numbers. Cheers, Yuri.
On Wednesday 21 February 2001 15:15, Yuri Robbers wrote:
The /proc/sys/net/ipv4/ip_always_defrag setting matches the number of Masqueraded sessions I have open. using netstat -M
Hmm... I guess there's more to it than just that. On my machine the current value is -12. Your explanation wouldn't allow for negative numbers.
Yes it would. The code I looked at just decreased the value by one, without looking at its previous value. If you had 13 sessions going, and something/someone set the value to 1, then as the sessions ended, the value would creep down to -12, thereby never turning off ip_always_defrag. That's how I understand the code, anyway, though I could of course be wrong. If this is the case, can it be labeled a bug?
Anders
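The scenario from the message above, replayed as a small user-space C model. This is an added example, not kernel source and not code from any poster; `shared_flag`, `defrag_state`, `users_get` and `users_put` are hypothetical names, and the split-state variant is one possible design, not what the kernel does.

```c
#include <stdio.h>

/* Model of the behaviour described in the thread, NOT kernel source:
 * one integer is both the admin on/off switch and a per-session counter. */
static int shared_flag;                      /* stands in for ip_always_defrag */

static void session_start(void) { shared_flag++; }
static void session_end(void)   { shared_flag--; }  /* old value never checked */
static int  defrag_on(void)     { return shared_flag != 0; }

/* Replays the scenario from the thread: sessions open, the value is
 * overwritten by a write to the /proc entry, then every session ends. */
static int replay_shared(int sessions, int overwrite)
{
    shared_flag = 0;
    for (int i = 0; i < sessions; i++) session_start();
    shared_flag = overwrite;
    for (int i = 0; i < sessions; i++) session_end();
    return shared_flag;
}

/* Hardened variant (hypothetical names): switch and count kept apart,
 * and an unbalanced release is reported instead of going below zero. */
struct defrag_state { int admin_on; int users; };
static void users_get(struct defrag_state *s) { s->users++; }
static int  users_put(struct defrag_state *s)
{
    if (s->users <= 0) return -1;
    s->users--;
    return 0;
}
static int defrag_on_fixed(const struct defrag_state *s) { return s->admin_on || s->users > 0; }

static struct defrag_state replay_fixed(int sessions, int overwrite)
{
    struct defrag_state s = { 0, 0 };
    for (int i = 0; i < sessions; i++) users_get(&s);
    s.admin_on = overwrite;                  /* admin write touches only the switch */
    for (int i = 0; i < sessions; i++) users_put(&s);
    return s;
}

int main(void)
{
    int v = replay_shared(13, 1);
    struct defrag_state s = replay_fixed(13, 1);
    printf("shared: value=%d on=%d\n", v, defrag_on());
    printf("split:  users=%d admin_on=%d on=%d\n", s.users, s.admin_on, defrag_on_fixed(&s));
    return 0;
}
```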
Hmm... I guess there's more to it than just that. On my machine the current value is -12. Your explanation wouldn't allow for negative numbers.
Yes it would. The code I looked at just decreased the value by one, without looking at its previous value. If you had 13 sessions going, and something/someone set the value to 1
Impossible. Unless of course my machine has been compromised. I am the only one with root access, and I never touched that setting.
, then as the sessions ended, the value would creep down to -12, thereby never turning off ip_always_defrag. That's how I understand the code, anyway, though I could of course be wrong. If this is the case, can it be labeled a bug?
Perhaps... I didn't look at the code... Anyway: perhaps this is getting off-topic and should be continued off-list? Cheers, Yuri.
Impossible. Unless of course my machine has been compromised. I am the only one with root access, and I never touched that setting.
, then as the sessions ended, the value would creep down to -12, thereby never turning off ip_always_defrag. That's how I understand the code, anyway, though I could of course be wrong. If this is the case, can it be labeled a bug?
Perhaps... I didn't look at the code...
Anyway: perhaps this is getting off-topic and should be continued off-list?
It has been discussed already. See http://lists.suse.com/archives/suse-security/2000-Oct/0287.html We need a fulltext search on the ml archive, soon...
Cheers, Yuri.
Thanks,
Roman.
--
Roman Drahtmüller
* Roman Drahtmueller wrote on Wed, Feb 21, 2001 at 16:26 +0100:
http://lists.suse.com/archives/suse-security/2000-Oct/0287.html
We need a fulltext search on the ml archive, soon...
Oops, there is no full-text search available? Yep, I would suggest installing something :)

oki,
Steffen
--
This letter was generated by machine and therefore bears neither signature nor seal.
participants (5)
- Anders Johansson
- Roman Drahtmueller
- Steffen Dettmer
- Steven Thompson
- Yuri Robbers