Pantek Library

(no subject)

From: AARON SUEN <ags137(at)psu.edu>
Date: Sun Feb 23 2003 - 05:53:16 EST


I noticed the following statement in the message for the new random IP ID / NAT detection defeat upgrade to pf recently:

"List: openbsd-cvs
Subject: CVS: cvs.openbsd.org: src

From: Daniel Hartmeier
Date: 2003-02-08 20:13:20

...
Add scrub option 'random-id', which replaces IP IDs with random values for outgoing packets that are not fragmented (after reassembly)..."

The statement says "outgoing packets that are not fragmented." Does this mean outgoing packets that have been reassembled by scrub, as in:

incoming -> scrub reassemble -> random-id -> refragment -> outgoing

The wording of this message makes me wonder if it actually means that the random-id is applied after refragmenting for the external interface MTU, as in:

incoming -> scrub reassemble -> refragment -> random-id -> outgoing

The second scenario would seem to be less optimal than the first, as IDs would not be randomized for packets that exceed the external interface MTU constraints, but this subtle difference in wording has confused me. Can anybody tell me whether the random-id keyword catches ALL scrubbed+reassembled packets?

Thank you



Aaron Suen

mailto:ags137@psu.edu
http://suen.ed.psu.edu/~asuen/

Received on Sun Feb 23 20:47:05 2003
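The "NAT detection" that the random-id scrub option is meant to defeat is the well-known trick of counting hosts behind a NAT by sorting observed IP ID values into separate monotonically increasing strings, one per host that uses a global sequential ID counter. The following Python script is an added example, not code from the poster, from pf, or from OpenBSD: it builds a constructed trace of IDs from three hosts behind a NAT that leaves the ID field alone, counts the strings, then applies a simplified model of random-id (every outgoing packet gets a fresh random ID, which is an assumption about the effect rather than pf's actual implementation) and shows that the count is no longer recoverable. The gap threshold and starting counters are arbitrary choices for the demonstration.

```python
import random

# Constructed traffic model (not from the original post): hosts behind a NAT
# that leaves the IP ID field untouched. Each host uses a global, sequential
# ID counter, the behaviour that makes per-host ID strings observable.

GAP = 50  # max distance between consecutive IDs still treated as one host


def nat_trace_sequential(start_ids, packets_per_host, rng):
    """IDs as seen outside the NAT when no random-id scrubbing is applied."""
    counters = list(start_ids)
    order = [h for h in range(len(counters)) for _ in range(packets_per_host)]
    rng.shuffle(order)  # interleave the hosts' packets as a NAT would emit them
    trace = []
    for h in order:
        trace.append(counters[h] & 0xFFFF)
        counters[h] += 1
    return trace


def scrub_random_id(trace, rng):
    """Assumed model of 'scrub ... random-id': each outgoing, unfragmented
    packet leaves with a fresh random 16-bit ID (not pf's real code)."""
    return [rng.randrange(0, 65536) for _ in trace]


def estimate_hosts(trace, gap=GAP):
    """Greedy ID-string clustering: attach each ID to the string whose last
    ID lies just below it (within gap); otherwise start a new string. The
    number of strings approximates the number of hosts with sequential
    counters. With random IDs almost every packet starts its own string."""
    strings = []  # last ID seen on each string
    for ident in trace:
        best, best_d = None, None
        for i, last in enumerate(strings):
            d = (ident - last) & 0xFFFF  # tolerate 16-bit counter wraparound
            if 0 < d <= gap and (best_d is None or d < best_d):
                best, best_d = i, d
        if best is None:
            strings.append(ident)
        else:
            strings[best] = ident
    return len(strings)


def demo(seed=7):
    """Return (hosts estimated without random-id, hosts estimated with it)."""
    rng = random.Random(seed)
    seq = nat_trace_sequential([1000, 20000, 40000], 20, rng)
    return estimate_hosts(seq), estimate_hosts(scrub_random_id(seq, rng))


if __name__ == "__main__":
    plain, randomized = demo()
    print("sequential IDs  -> estimated hosts:", plain)
    print("random-id scrub -> estimated hosts:", randomized)
```

The first estimate comes out at exactly the three constructed hosts; the second is close to the number of packets, which is the point of the option. Note that the model randomizes every packet; the question in the post is precisely whether pf does so for packets that still have to be refragmented for the outgoing MTU, and this example does not settle that.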

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:33:10 EDT

