[Openswan Users] UDP fragmentation in Linux
Norbert Wegener
nw at sbs.de
Fri Mar 4 18:50:34 CET 2005
Marcus Leech wrote:
> ...
>
> I'm suspecting that the IPTABLES code is scewing up in some way, since
> the kernel ip_output routines call
> NF_HOOK, rather than passing directly to the routing-chosen hardware
> device. Somewhere in all
> that netfilter goop, I think that the output packet fragmentation
> code has become broken--at least for UDP.
> Like I observed, ICMP ECHO packets get correctly fragmented when they
> exceed the local MTU.
Did you ask the iptables people to comment on this?
More information about the Users
mailing list