[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Scrub and fragments



--- Henning Brauer <hostmaster@bsws.de> wrote:
> On Mon, Nov 18, 2002 at 05:25:43AM -0800, Dan
> Moinescu wrote:
> > As it happens, some NFS packets are fragmented and
> the
> > "scrub in" directive was blocking the fragments.
> > I removed the scrub lines and it worked, but then
> I
> > tried the same NFS thing with a machine behind the
> > firewall and it failed again.
> > This time, it was because the NFS fragments were
> > passing through the firewall without being NATed,
> as
> > the full IP datagrams were, and this obviously
> > confused the server.
> > 
> > So it looks like pf on 3.1 can't handle fragments.
> Was
> > this fixed in 3.2?
> 
> you fail to give details. I bet you are using a
> linux box as NFS client.
> linux sends fragmented NFS packets with the Don't
> Fragment bit set, which,
> well, go figure yourself. 
> 
I was indeed using a Linux box as the NFS client. But
nonetheless, this means that if some Linux router or
server out there decides to fragment a packet going to
my OpenBSD box, that network connection will be
corrupted, is that true?
Regards,
Dan.
__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com