Re: Sequence of IP fragment packets on the wire

David Schwartz (davids@webmaster.com)
Thu, 3 Oct 2002 04:18:36 -0700


On Thu, 3 Oct 2002 10:51:08 +0000 (UTC), Henning P. Schmiedehausen wrote:

>as far as I can see, Linux sends out fragmented IP packets
>"butt-first":
>(where the first packet is actually the fragmented 2nd part of the
>second packet).
>
>This confuses at least one firewall appliance.

I'm afraid that this firewall appliance is fundamentally broken. Nothing you
can do to Linux can fix this fundamental breakage. I can give further
examples, analogies, and argumentation, but it really should be obvious that
IP, fundamentally, does not guarantee any particular reception order and
anything that assumes it does cannot be fixed except by changing the
assumption.

This is as bad as a TCP application that assumes one 'read' call will return
an entire line or command. You cannot push the problem elsewhere.

DS

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/