Re: Sequence of IP fragment packets on the wire

From: Richard B. Johnson (root@chaos.analogic.com)
Date: Thu Oct 03 2002 - 07:42:47 EST


> as far as I can see, Linux sends out fragmented IP packets
> "butt-first":
> (where the first packet is actually the fragmented 2nd part of the
> second packet).
> This confuses at least one firewall appliance.
>

The sequence-number of an IP Packet, whether or not it's fragmented,
has nothing to do with any order of reception. The "2nd" part of
a fragmented packet may be received at any time, in fact multiple
times. Any so-called Network appliance that assumes that there is
any specific order of packets being received is fundamentally
broken.

Well-designed network software can sometimes optimize its buffer
handling if it "knows" that the last packet of a fragment has
been received, but it can't count on any specific order because
there isn't any. Even if you put all your "ducks in a row" on
the wire, once the least-cost route becomes different for different
packets, all bets are off. You might get one packet with satellite-
link latency (seconds) and another with terrestrial latency
(milliseconds).

Cheers,
Dick Johnson
Penguin : Linux version 2.4.18 on an i686 machine (797.90 BogoMips).
The US military has given us many words, FUBAR, SNAFU, now ENRON.
Yes, top management were graduates of West Point and Annapolis.
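
The reply above says a receiver cannot assume any arrival order and may see the same fragment more than once. The following is an added example, not part of the original message or of the Linux kernel: a minimal reassembler that orders fragments by offset rather than by arrival. The class, the tuple key and all sample data are constructed for illustration, and it assumes no timers and no overlap policy.

```python
# Added illustration: order-independent IPv4 fragment reassembly.
# Fragment fields are modelled as plain values; all sample data is constructed.
from typing import Dict, Optional, Tuple

Key = Tuple[str, str, int, int]  # (src, dst, protocol, IP identification)


class Reassembler:
    def __init__(self) -> None:
        self.parts: Dict[Key, Dict[int, bytes]] = {}  # key -> {byte offset: payload}
        self.total: Dict[Key, int] = {}               # key -> full length, once known

    def add(self, key: Key, offset: int, more_fragments: bool,
            payload: bytes) -> Optional[bytes]:
        """Store one fragment; return the datagram payload once it is complete."""
        if offset % 8:
            raise ValueError("fragment offsets are multiples of 8 bytes")
        if more_fragments and len(payload) % 8:
            raise ValueError("non-final fragments carry a multiple of 8 bytes")
        frags = self.parts.setdefault(key, {})
        frags.setdefault(offset, payload)      # a repeated fragment changes nothing
        if not more_fragments:                 # MF=0 marks the tail, whenever it arrives
            self.total[key] = offset + len(payload)
        if key not in self.total:
            return None                        # length unknown until the tail is seen
        pos, out = 0, bytearray()
        for off in sorted(frags):              # order by offset, not by arrival
            if off != pos:
                return None                    # hole (overlaps are out of scope here)
            out += frags[off]
            pos += len(frags[off])
        if pos != self.total[key]:
            return None
        del self.parts[key], self.total[key]
        return bytes(out)


def demo() -> bytes:
    """Feed a constructed 3-fragment datagram tail-first, with a duplicate."""
    key = ("192.0.2.1", "192.0.2.2", 17, 0x1234)   # constructed addresses and ID
    r = Reassembler()
    assert r.add(key, 16, False, b"tail") is None   # last fragment arrives first
    assert r.add(key, 16, False, b"tail") is None   # and arrives again
    assert r.add(key, 0, True, b"AAAAAAAA") is None
    return r.add(key, 8, True, b"BBBBBBBB")         # middle arrives last


if __name__ == "__main__":
    print(demo())
```
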
