[ndbug] Question regarding PF scrub

Hrishikesh Muruk hrishim at gmail.com
Fri Dec 23 01:46:41 PST 2016


On Fri, Dec 23, 2016 at 10:25 AM, Philip Paeps <philip at trouble.is> wrote:

> On 2016-12-22 18:37:36 (+0530), Hrishikesh Murukkathampoondi <hrishim at gmail.com> wrote:
>
>> I am not familiar with TCP/IP or other protocols so I do not
>> understand what the manual says.
>>
>
> You will find it a lot easier to deal with packet filters if you improve
> your understanding of the protocols.  I can recommend getting your hands
> on a copy of "TCP/IP Illustrated, Volume 1".  But even just reading the
> descriptions of TCP and IP on Wikipedia will be helpful.
>
>> Questions:
>>
>> 1. What are fragmented packets? I am guessing these are large data
>> packets that are broken down into smaller ones
>>
>
> Correct.  A link-layer protocol like Ethernet has limits on how much
> data can fit in a packet.  IP can fragment packets into smaller packets
> that will fit on the wire.
>
>> 2. From this link https://tools.ietf.org/html/rfc6864 I am guessing
>> that the IPv4 identification field is used for managing fragmentation
>> and re-assembly of packets. If this field is set to a random value how
>> will the reassembler know the correct order of packets?
>>
>
> The identification field is not used for reassembly.  The reassembler
> can determine the correct ordering of the packets from the fragment
> offset.  Moreover, most IP implementations will do their best to avoid
> out-of-order delivery.
>
> There are very few actual use cases for the identification field in the
> IP header.  Most of them are related to quality of service.
>
>> 3. What is segment size? Why should it be limited?
>>
>
> It's the size of a TCP segment that goes in an IP packet.  You can avoid
> IP fragmentation by ensuring that the MSS plus the IP header fits in one
> MTU.
>
> Trouble
>
> --
> Philip Paeps
> Senior Reality Engineer
> Ministry of Information
>

Thanks for the responses. I certainly want to improve my knowledge of
protocols.

I managed to find the Kindle edition for just Rs. 66.49!!

Hrishi