Greetings,
I've noticed that when ip-traffic, to be masqueraded, is sent through my
firewall the value of /proc/sys/net/ipv4/ip_always_defrag changes up and
down. Both positive and negative values have been observed.
This is rather annoying since when the value occasionally hits 0 the
defrag option is disabled (at least for non-masqueraded traffic),
my firewall starts dropping fragments since there is no rule for them.
(In a normal case all packets are defragged before hitting the
firewall code)
Setting /proc/sys/net/ipv4/ip_always_defrag back to 1 temporary solves
the problem until masq traffic changes it again.
A quick look in net/ipv4/ip_masq.c and ip_fw.c tells that probably
some of the sysctl_ip_always_defrag++ (or --) calls runs a bit
uncontrolled. But that's just a guess.
regards
/Ralf Nyrén
output of ver_linux script:
-- Versions installed: (if some fields are empty or looks
-- unusual then possibly you have very old versions)
Linux Iluvatar 2.2.14 #2 Fri Jan 7 18:53:48 CET 2000 i586 unknown
Kernel modules 2.3.9
Gnu C 2.95.2
Binutils 2.9.5.0.22
Linux C Library 2.1.2
Dynamic linker ldd: version 1.9.11
Procps 2.0.6
Mount 2.10d
Net-tools 2.05
Console-tools 0.2.3
Sh-utils 2.0
Modules Loaded lockd sunrpc ip_masq_irc ip_masq_ftp ne 8390 via-rhine
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jan 15 2000 - 21:00:14 EST