[Bridge] Re: Any way of knowing a packet's been defragmented

Bart De Schuymer bdschuym at pandora.be
Wed Aug 4 23:12:45 PDT 2004

On Thursday 05 August 2004 07:21, shemminger at osdl.org wrote:
> > Well.. iptables does not really care why the packet is oversized. It
> > fragments any oversized packets.
> >
> > Why does the bridge need to?
> The bridge doesn't even know it's IP.  The there appears to be some
> ebtables code path that defragments packets, and in the process can
> decide to send a skb greater than the MTU of the device. Because of
> recent changes to allow bridging of an MTU size (previous limit was always
> 1500), the bridge now drops skb if skb->len > dev->mtu.
> Perhaps the problem is that ebtables filter is defragments because it
> is looking at the mtu of the incoming interface?

It has nothing to do with ebtables. It's all about connection tracking of ipv4 
packets on a transparent bridging firewall. Ct defragments packets, on the 
ipv4 PREROUTING hook, because it makes things easier. Ct on a transparent 
bridge is something people need.


More information about the Bridge mailing list