Hi
* [EMAIL PROTECTED] wrote:
> Thomas Graf wrote:
> >now, cause almost all packets have the ACK bit set this rule
> >matches all small packets with no ip options. it could be
> >done better with nexthdr to match packets with ip options
> >set too.
>
> Wouldn't it also be necessary to match the packets with ACK set + Data
> or aren't they as much important as the packets we are already matching?
Read about biggy packing, most ACKs are sent within a data
packet to avoid too much overhead, further all data packets in a
transaction have the ACK bit set. You might want to look for a
more practical explanation about TCP than most books provide.
To quote myself:
now, cause almost all packets have the ACK bit set this rule
matches all small packets with no ip options.
I never tested if this rule actually improves anything, if
you do please let me know. I think it really depens on what kind
of protocols you use and the average use of your line.
The match for 5 WORDS ip header len is not really needed because
you could match the ACK bit with help of the nexthdr feature w/o
taking care of possible ip options.
Hope that helps.
--
Thomas Graf
_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
