[Openswan Users] UDP fragmentation in Linux
Paul Wouters
paul at xelerance.com
Fri Mar 4 19:40:03 CET 2005
On Fri, 4 Mar 2005, Marcus Leech wrote:
> No, I haven't. I'm still doing more tests. The system I wrote the test code
> on doesn't have any ipchains/iptables
> turned on (which doesn't necessarily mean that it isn't going through the
> IPTABLES code).
>
> I've attached my small test program. You can see the offening behaviour if
> you run this program, and
> use TCPDUMP in another window. In modern TCPDUMPS, the IP flags field is
> set to [+], which means
> "more fragments to follow", but none will appear for the UDP packets with
> UDP length of 3000, since the
> MTU (for ethernet) will be 1500.
It seems to work for me too:
19:37:53.539129 IP (tos 0x0, ttl 64, id 22814, offset 0, flags [+], proto 17, length: 1500) 193.110.157.17.36048 > 10.0.0.10.555: UDP, length 3000
19:37:53.540647 IP (tos 0x0, ttl 64, id 22814, offset 1480, flags [+], proto 17, length: 1500) 193.110.157.17 > 10.0.0.10: udp
19:37:53.542274 IP (tos 0x0, ttl 64, id 22814, offset 2960, flags [none], proto 17, length: 68) 193.110.157.17 > 10.0.0.10: udp
19:37:54.573442 IP (tos 0x0, ttl 64, id 22815, offset 0, flags [none], proto 17, length: 328) 193.110.157.17.36048 > 10.0.0.10.555: UDP, length 300
19:37:55.575294 IP (tos 0x0, ttl 64, id 22816, offset 0, flags [+], proto 17, length: 1500) 193.110.157.17.36048 > 10.0.0.10.555: UDP, length 3000
19:37:55.576738 IP (tos 0x0, ttl 64, id 22816, offset 1480, flags [+], proto 17, length: 1500) 193.110.157.17 > 10.0.0.10: udp
19:37:55.578125 IP (tos 0x0, ttl 64, id 22816, offset 2960, flags [none], proto 17, length: 68) 193.110.157.17 > 10.0.0.10: udp
19:37:56.578136 IP (tos 0x0, ttl 64, id 22817, offset 0, flags [none], proto 17, length: 328) 193.110.157.17.36048 > 10.0.0.10.555: UDP, length 300
I tested with both forwarding and rp_filter settings changed and with and without ip_conntrack. It all
seems to just work. This is on 2.6.10-1.766_FC3.
Paul
--
"At best it is a theory, at worst a fantasy" -- Michael Crichton
More information about the Users
mailing list