[Bridge] 802.1q packets

richardvoigt at gmail.com richardvoigt at gmail.com
Mon Jun 30 15:42:51 PDT 2008


On Mon, Jun 30, 2008 at 5:07 PM, Fulvio Ricciardi <
fulvio.ricciardi at zeroshell.net> wrote:

>
> >
> > That mostly rules out other devices in the path as the
> > cause of the problem.  There's just one chance of a
> > netfilter interaction that I can think of: netfilter may
> > cause fragments to be recombined, without netfilter the
> > fragments could be bridged.  Are you running the ping
> > command from the bridge itself, or across the bridge? (I
> > presume across the bridge because you are discussing the
> > FORWARD chain only)
>
> I ping across the bridge. If instead I ping from the bridge
> itself, all works right.
>
> >
> > Do the large ping requests show up in the iptables
> > counters?
>
> Yes, in any case (either ping -s 1472 or ping -s 1473) the
> packets are counted in the FORWARD chain.
>
> >
> > What happens if you set no fragmentation when you run
> > ping?
>
> It's the same.


Just to verify, you mean that with no fragmentation, large pings go through
if and only if bridge-nf-call-iptables is disabled?

I would expect large pings to be dropped regardless of the
bridge-nf-call-iptables option when the no fragmentation bit is set, based
on your scenario.


>
>
> Thanks
> Fulvio
>
> --------------------------------------------------------------------
> Fulvio Ricciardi
> web: http://www.zeroshell.net/eng/
> skype: zeroshellnet
> Phone: +3908321835630
>