[Bridge] Re: Any way of knowing a packet's been defragmented

shemminger at osdl.org shemminger at osdl.org
Wed Aug 4 22:21:25 PDT 2004


> On Wed, 4 Aug 2004, Bart De Schuymer wrote:
>
>> Due to a recent change in the bridge code, we now need a way of knowing
>> if
>> a packet has been defragmented. The bridge code now checks on the packet
>> size and drops packets that are too big for the output port.
>> Defragmented
>> packets will get refragmented later, so they shouldn't be dropped.
>
> Well.. iptables does not really care why the packet is oversized. It
> fragments any oversized packets.
>
> Why does the bridge need to?
>

The bridge doesn't even know it's IP.  The there appears to be some
ebtables code path that defragments packets, and in the process can
decide to send a skb greater than the MTU of the device. Because of
recent changes to allow bridging of an MTU size (previous limit was always
1500), the bridge now drops skb if skb->len > dev->mtu.

Perhaps the problem is that ebtables filter is defragments because it
is looking at the mtu of the incoming interface?



More information about the Bridge mailing list