D-Link NetDefendOS User Manual page 132

If2 890 Accept
If3 345 Drop
Each line of output from this command shows the status of an individual reassembly operation
where at least one fragment of a packet has been received as an IP datagram. Each datagram in
the reassembly process is uniquely identified by its source/destination IP address and its protocol
number. A reassembly operation will remain in the output of the command as long as more
fragments might be received.
Reassembly States
The State of reassembly shown by the frags command output can be one of the following:
• Done
Reassembly is complete but reassembly is kept alive for a short period in case there are any
duplicate fragments.
• Drop
NetDefendOS has determined that the reassembled packet is to be dropped based on the
configured rules. This is the opposite of the Accept state and all matching fragments
received will be dropped.
• Unknown
This indicates that it has not yet been determined if the packet is to be dropped or accepted.
• Accept
This state indicates it has been determined to not drop the packet based on the configured
rules. This is the opposite of Drop and matching fragments received are accepted.
• Free
This indicates a reassembly slot that is available for starting a new reassembly.
Options for the frags Command
To see only the reassembly slots that are in the Free state, use the -free option:
gw-world:/> frags -free
To see reassembly operations that are complete use the -done option:
gw-world:/> frags -done
Maximum Length Settings
NetDefendOS allows the following settings to be used to control the maximum size of incoming
packets for different protocols so that packets exceeding these sizes are dropped:
• Max UDP Length - Maximum size of UDP packets (default: 60,000 bytes).
• Max GRE Length - Maximum size of GRE packets (default: 2000 bytes).
• Max ESP Length - Maximum size of IPsec ESP packets (default: 2000 bytes).
10.0.1.60 192.168.3.1
192.168.0.2 10.1.1.2
132
Chapter 2: Management and Maintenance
UDP 7280 592/591
UDP 1494 581/101