[Bridge] Re: Any way of knowing a packet's been defragmented
Bart De Schuymer
bdschuym at pandora.be
Wed Aug 4 23:12:45 PDT 2004
On Thursday 05 August 2004 07:21, shemminger at osdl.org wrote:
> > Well.. iptables does not really care why the packet is oversized. It
> > fragments any oversized packets.
> >
> > Why does the bridge need to?
>
> The bridge doesn't even know it's IP. The there appears to be some
> ebtables code path that defragments packets, and in the process can
> decide to send a skb greater than the MTU of the device. Because of
> recent changes to allow bridging of an MTU size (previous limit was always
> 1500), the bridge now drops skb if skb->len > dev->mtu.
>
> Perhaps the problem is that ebtables filter is defragments because it
> is looking at the mtu of the incoming interface?
It has nothing to do with ebtables. It's all about connection tracking of ipv4
packets on a transparent bridging firewall. Ct defragments packets, on the
ipv4 PREROUTING hook, because it makes things easier. Ct on a transparent
bridge is something people need.
cheers,
Bart
More information about the Bridge
mailing list