[Bridge] Re: Any way of knowing a packet's been defragmented

bdschuym at pandora.be bdschuym at pandora.be
Thu Aug 5 04:30:22 PDT 2004

: Henrik Nordstrom [mailto:hno at marasystems.com]
: donderdag
, augustus
 5, 2004 07:55 AM
: 'Bart De Schuymer'

>The question on why the bridge needs to drop oversized fragments instead 
>of simply letting iptables fragment them remains...

As Stephen explained, bridge ports of the same bridge device no longer need to have the same mtu. So the bridge code needs to drop packets (ARP, IP, whatever) that will be too long for the output port.
The whole idea behind the new flag is giving the bridge code enough information so it doesn't drop to-be-fragmented packets.


More information about the Bridge mailing list