[Openswan Users] UDP fragmentation in Linux

Marcus Leech mleech at nortel.com
Fri Mar 4 14:11:13 CET 2005

Paul Wouters wrote:

> On Fri, 4 Mar 2005, Marcus Leech wrote:
>> No, I haven't.  I'm still doing more tests.  The system I wrote the 
>> test code on doesn't have any ipchains/iptables
>> turned on (which doesn't necessarily mean that it isn't going through 
>> the IPTABLES code).
>> I've attached my small test program.  You can see the offening 
>> behaviour if you run this program, and
>> use TCPDUMP in another window.  In modern TCPDUMPS, the IP flags 
>> field is set to [+], which means
>> "more fragments to follow", but none will appear for the UDP packets 
>> with UDP length of 3000, since the
>> MTU (for ethernet) will be 1500.
> It seems to work for me too: 

Well, I'm sure glad I didn't send my diatribe off to the linux-net list :-)

Once I'd "fixed" the filtering rules on TCPDUMP (doh! doh! doh! doh!), 
the fragments
  showed up.

The question then is:  why did my fragmentation-required packets not 
make it last night
  when PING packets (of 4000bytes) sailed through just fine.   What does 
  when processing fragment trains?  Does only the first fragment make it 
through (since it's
  the one with a UDP header)?

More information about the Users mailing list