Media Player causes DDOS attack on NFS server behind Comodo.

Hello,

When I connect my media player (PopcornHour) to an NFS server running on my PC, I get a flood of major warnings. See below. I found another poster with another player (Dvico tvix) that had similar NFS problems. You advised him to disable Protocol Analysis. That’s drastic. Isn’t it possible to make an exemption rule for the media player's IP address, not to apply Protocol Analysis?

Is it possible in v3 of Comodo to apply Protocol Analysis except with this media player's IP?

Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Outgoing
Source: 10.0.0.200
Destination: 10.0.0.64
Protocol : UDP
Reason: Fragmented IP packets are not allowed

Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fake or Malformed UDP Packet)
Direction: UDP Outgoing
Source: 10.0.0.200:2049
Destination: 10.0.0.64:1023
Reason: UDP packet length and the size on the wire(8328 bytes) do not match

Henk

I got a mail from the people of the NFS server I use. It seems the fragmentation is usual with NFS.
With the rise of the media players and NFS, could Comodo allow for fragmented UDP packets for specific addresses?

They wrote:

fragmented UDP packets are normal for NFS. NFS uses blocksizes of 4096 or 8192 bytes, these must be fragmented over the ethernet with a maximum packet size of 1500 bytes. Perhaps the fragments are seen as malformed UDP packets.

You can try to reduce the blocksize to 1024 bytes to avoid fragmentation, but it will decrease transfer performance as well.
You can use any byte size, but because disk reads are normally done in multiples of 512 bytes using other sizes (e.g. 1400 bytes) will also have negative performance effects.

If your client supports it, you could try NFS over TCP. This should give good performance without fragmentation.

Henk
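
Added example, not part of the original posts: a Python sketch of how one NFS-over-UDP reply is split into IPv4 fragments on a 1500-byte MTU, and why a per-packet length check flags the first fragment while a check after reassembly passes. It assumes the 8328 bytes in the log is the UDP length of a reply to an 8192-byte read and that the IP header has no options; all function names are hypothetical.

```python
IP_HEADER = 20    # IPv4 header without options (assumption)
UDP_HEADER = 8
# RPC/NFS reply bytes around the data, assuming the logged 8328 is an 8192-byte read
NFS_OVERHEAD = 8328 - UDP_HEADER - 8192

def fragment_udp(udp_length, mtu=1500):
    """Split one UDP datagram (header + data = udp_length bytes) into IPv4 fragments."""
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    max_payload = (mtu - IP_HEADER) // 8 * 8
    frags, offset = [], 0
    while offset < udp_length:
        size = min(max_payload, udp_length - offset)
        frags.append({
            "offset_units": offset // 8,       # value of the IP fragment-offset field
            "payload_len": size,               # bytes following the IP header
            "more_fragments": offset + size < udp_length,
            "has_udp_header": offset == 0,     # only the first fragment carries it
        })
        offset += size
    return frags

def per_packet_length_ok(frag, udp_length):
    """Compare the UDP length field with the bytes in this one packet.
    Returns None for fragments that have no UDP header to inspect."""
    if not frag["has_udp_header"]:
        return None
    return frag["payload_len"] == udp_length

def reassembled_length_ok(frags, udp_length):
    """The same comparison made after all fragments are reassembled."""
    return sum(f["payload_len"] for f in frags) == udp_length

def datagram_for_block(block_size):
    """UDP length of a read reply for a given NFS block size (uses the assumed overhead)."""
    return UDP_HEADER + NFS_OVERHEAD + block_size

if __name__ == "__main__":
    for block in (8192, 4096, 1024):
        length = datagram_for_block(block)
        frags = fragment_udp(length)
        print(f"block={block} udp_len={length} fragments={len(frags)} "
              f"per_packet_ok={per_packet_length_ok(frags[0], length)} "
              f"reassembled_ok={reassembled_length_ok(frags, length)}")
```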

Hey Henk,

If you open CFP and click FIREWALL - ADVANCED TASKS - ATTACK DETECTION SETTINGS - MISCELLANEOUS, you should find an option to not block fragmented IP packets. Most SAN type devices require this setting to be enabled (i.e. to allow fragmented packets).

Hope this helps,
Ewen