PF, bridge, states and window scaling problem
Girish Venkatachalam
girishvenkatachalam at gmail.com
Tue Nov 13 06:23:48 PST 2007
On 18:57:34 Nov 13, Girish Venkatachalam wrote:
> I just read the post you linked. Thanks. :)
I read the post once again and it looks as though I understood what is
mentioned there.
The 'no-df' in scrub rule clears the Don't fragment bit in the IP
header. When a host wrongly sends fragmented packets with the DF bit
set, this scrub rule "correctly" resets the DF bit.
Now since the host made the mistake of sending a fragmented packet with
DF bit set ( this is like saying " Please don't fragment my packet, but
I myself have fragmented". Odd...) no-df scrub rule causes trouble.
Scrub never causes trouble with properly formed packets.
regards,
Girish
More information about the freebsd-questions
mailing list