svn commit: r280971 - in head: contrib/ipfilter/tools share/man/man4 sys/contrib/ipfilter/netinet sys/netinet sys/netipsec sys/netpfil/pf

[Hans Petter Selasky]

Hi Robert,

On 04/02/15 20:32, Robert N. M. Watson wrote:
> On 2 Apr 2015, at 19:24, Hans Petter Selasky <hps at selasky.org> wrote:
>
>> In my sketchup I assume that packets for the same destination will not be re-ordered. I see that the current ip_reass() code does not care about TCP or UDP port numbers at all. Maybe we should add code to check that the packet belongs to the same ports too?
>
> Higher-level network headers will appear only in the first fragment, so can't be used in matching later fragments.

Right.

>
>> Does somebody here know what happens in these two cases:
>>
>> If we are transmitting using TSO, will the network adapter increment the IP ID field somehow? What happens if an outgoing IP packet resulting from a TSO packet get fragmented by a router?
>
> Quite possibly -- this is presumably specified by the NIC vendor, but it would be good to do a bit of a survey and see what happens in practice.
>
>> In ip_fragment() when we create fragments we should increment the ip_id value for each fragment?
>

I'm asking because the code in FreeBSD, since the beginning probably, 
just copies the IP header, and use the same IP ID for all the fragments 
! This just hit my mind after some recent work in this area.

>
> That you are asking this question while hacking on the IP ID code is deeply troubling.
 > Please go read up on how IP fragmentation works before going any 
further with these changes!

I see from ip_reass() how it works.

--HPS