[Openswan Users] UDP fragmentation in Linux

Norbert Wegener nw at sbs.de
Fri Mar 4 18:50:34 CET 2005

Marcus Leech wrote:

> ...
> I'm suspecting that the IPTABLES code is scewing up in some way, since 
> the kernel ip_output routines call
>  NF_HOOK, rather than passing directly to the routing-chosen hardware 
> device.  Somewhere in all
>  that netfilter goop, I think that the output packet fragmentation 
> code has become broken--at least for UDP.
>  Like I observed, ICMP ECHO packets get correctly fragmented when they 
> exceed the local MTU.

Did you ask the iptables people to comment on this?

More information about the Users mailing list