[Bridge] Re: Any way of knowing a packet's been defragmented
Henrik Nordstrom
hno at marasystems.com
Thu Aug 5 00:55:36 PDT 2004
On Thu, 5 Aug 2004, Bart De Schuymer wrote:
> It has nothing to do with ebtables. It's all about connection tracking of ipv4
> packets on a transparent bridging firewall. Ct defragments packets, on the
> ipv4 PREROUTING hook, because it makes things easier. Ct on a transparent
> bridge is something people need.
The question on why the bridge needs to drop oversized fragments instead
of simply letting iptables fragment them remains...
Regards
Henrik
More information about the Bridge
mailing list