Re: firewall hooks and fragmentation in 2.0.3x

Alan Cox (alan@lxorguk.ukuu.org.uk)
Wed, 11 Jun 1997 21:31:27 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: linux kernel account: "Re: "obsolete" hardware"
Previous message: Theodore Y. Ts'o: "Re: journaling filesystem"

> Each IP datagram goes through the output INET firewall code
> exactly once. Fragmentation happens *after* the output code has
> said 'YES'. Further, the whole output datagram will be provided

Doesnt work like that and it wont work like that. We don't gain anything
by such a rule but we lose performance. The kernel doesnt build a complete
packet for many code paths, its building bits and sending some before its even
thought about the rest of the packet.

Alan

Next message: linux kernel account: "Re: "obsolete" hardware"
Previous message: Theodore Y. Ts'o: "Re: journaling filesystem"