[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: tagging & keep state
* Ed White <[email protected]> [2004-05-31 15:32]:
> However I'd like to know if every packet that belongs to that connection
> (matches the state) will be marked with LAN tag.
no, only the first packet is (to be exact: only packets which do not
match a state entry are tagged). This hasn't been a problem in practice
(and is why the parser demands keep state on pass rules which do
tagging); the tag operation is comparably expensive performance-wise so
you don't really want that for each packet.
Henning Brauer, BS Web Services, http://bsws.de
[email protected] - [email protected]
Unix is very simple, but it takes a genius to understand the simplicity.