
Re: tagging & keep state



* Ed White <[email protected]> [2004-05-31 15:32]:
> However I'd like to know if every packet that belongs to that connection 
> (matches the state) will be marked with LAN tag.
No, only the first packet is (to be exact: only packets which do not 
match a state entry are tagged). This hasn't been a problem in practice 
(and is why the parser demands keep state on pass rules which do 
tagging); the tag operation is comparatively expensive performance-wise so 
you don't really want that for each packet.
-- 
Henning Brauer, BS Web Services, http://bsws.de
[email protected] - [email protected]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
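
The behaviour described in the reply above, shown as a pf.conf fragment. This is an added example, not part of the original message; the interface names, the network range and the overall two-interface layout are assumptions, and only the LAN tag name comes from the thread.

```pf
# Assumed macros (not from the thread).
int_if  = "fxp0"
ext_if  = "fxp1"
lan_net = "192.168.1.0/24"

block all

# Per the reply, the parser demands keep state on pass rules that tag,
# so a rule like the following is rejected:
#   pass in on $int_if from $lan_net to any tag LAN

# The packet that creates the state is evaluated against the ruleset
# and receives the LAN tag here. Later packets of the same connection
# match the state entry, skip ruleset evaluation and are not tagged.
pass in on $int_if from $lan_net to any tag LAN keep state

# The same first packet still carries the tag when it is evaluated
# outbound, so this rule matches it and creates its own state. Later
# packets are passed by that state and never need the tag.
pass out on $ext_if tagged LAN keep state
```

The policy decision is made once, on the state-creating packet, and every later packet is passed by state lookup. A design that expects to test `tagged LAN` on each packet of an established connection will not see the tag there.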