ip-fragmentation

How bad is ip fragmentation

寵の児 提交于 2020-01-01 07:05:20
问题 I understand that when sending ip messages around, each hop in the network path between be and my packet's destination will check if the next hop's MTU is bigger than the size of the packet I sent. If so, the packet will be fragmented and the two packets will be separately sent to the next hop, only to be reassembled at destination (or, in some cases, at the first NAT router encountered). As far as I understand, this thing can be pretty bad, but I don't really understand why. I understand

How bad is ip fragmentation

独自空忆成欢 提交于 2020-01-01 07:05:02
问题 I understand that when sending ip messages around, each hop in the network path between be and my packet's destination will check if the next hop's MTU is bigger than the size of the packet I sent. If so, the packet will be fragmented and the two packets will be separately sent to the next hop, only to be reassembled at destination (or, in some cases, at the first NAT router encountered). As far as I understand, this thing can be pretty bad, but I don't really understand why. I understand

Is it possible to access ip fragments with libnetfilter_queue

ⅰ亾dé卋堺 提交于 2019-12-13 19:36:29
问题 I am using libnetfilter_queue in C to capture packets. I am setting an iptable rule to queue the incoming packets that would later be processed by the userspace implementation like this: iptables -A INPUT -j NFQUEUE --queue-num 0 . I used nfqnl_test example as a framework to implement the capture. Everything works as expected. However, I noticed that it is impossible to inspect the queue on the level of ip fragments. That is, if a packet is coming in fragments it is first reassembled before

Update UDP checksum in fragmented packets

元气小坏坏 提交于 2019-12-11 16:59:29
问题 I'm building a network appliance. I need to support NAT and IP packet fragmentation. When I change the source or destination address of a UDP packet, I have to correct the UDP checksum (and the IP checksum too, but that's trivial). When the packet is fragmented, I'd have to collect all the fragments to recalculate the checksum. I know the old address and the new address. I'd like to: Un-negate the checksum Subtract the old address Add the new address Re-reduce the sum and negate This process

How bad is ip fragmentation

梦想与她 提交于 2019-12-03 21:00:10
I understand that when sending ip messages around, each hop in the network path between be and my packet's destination will check if the next hop's MTU is bigger than the size of the packet I sent. If so, the packet will be fragmented and the two packets will be separately sent to the next hop, only to be reassembled at destination (or, in some cases, at the first NAT router encountered). As far as I understand, this thing can be pretty bad, but I don't really understand why. I understand that if the connection tends to drop a lot of packets, losing a single fragment means I have to resend the
订阅 ip-fragmentation