[Openswan Users] UDP fragmentation in Linux
Marcus Leech
mleech at nortel.com
Fri Mar 4 14:11:13 CET 2005
Paul Wouters wrote:
> On Fri, 4 Mar 2005, Marcus Leech wrote:
>
>> No, I haven't. I'm still doing more tests. The system I wrote the
>> test code on doesn't have any ipchains/iptables turned on (which
>> doesn't necessarily mean that it isn't going through the IPTABLES code).
>>
>> I've attached my small test program. You can see the offending
>> behaviour if you run this program, and use TCPDUMP in another window.
>> In modern TCPDUMPS, the IP flags field is set to [+], which means
>> "more fragments to follow", but none will appear for the UDP packets
>> with UDP length of 3000, since the MTU (for ethernet) will be 1500.
>
>
> It seems to work for me too:

Well, I'm sure glad I didn't send my diatribe off to the linux-net list :-)
Once I'd "fixed" the filtering rules on TCPDUMP (doh! doh! doh! doh!), the fragments showed up.

The question then is: why did my fragmentation-required packets not make it last night when PING packets (of 4000 bytes) sailed through just fine? What does IPTABLES do when processing fragment trains? Does only the first fragment make it through (since it's the one with a UDP header)?
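
An added illustration, not part of the original message or its attached test program: it splits one UDP datagram at an Ethernet MTU of 1500 and reports which fragments carry a UDP header, since a capture filter or packet-filter rule that matches on UDP port can only read the port from the first fragment. It assumes a 3000-byte UDP payload; the ports, the 192.0.2.x addresses and the IP ID are constructed sample values.

```python
import struct

def fragment_udp(sport, dport, payload, mtu=1500, ihl=20):
    """Split one UDP datagram into IPv4 fragment bodies: (mf, offset_bytes, data)."""
    # UDP header: source port, destination port, length, checksum (0 = not computed)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    step = (mtu - ihl) // 8 * 8           # fragment data must be a multiple of 8 bytes
    frags = []
    for off in range(0, len(udp), step):
        chunk = udp[off:off + step]
        mf = off + len(chunk) < len(udp)  # "more fragments" on all but the last
        frags.append((mf, off, chunk))
    return frags

def ip_header(mf, off, data_len, ident=0x1234):
    """Minimal IPv4 header, protocol 17 (UDP); header checksum left 0 for the demo."""
    flags_off = (0x2000 if mf else 0) | (off // 8)   # MF bit plus offset in 8-byte units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + data_len, ident,
                       flags_off, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))  # constructed addresses

def visible_dport(packet):
    """Return the UDP destination port if this packet contains a UDP header, else None."""
    ihl = (packet[0] & 0x0F) * 4
    flags_off = struct.unpack("!H", packet[6:8])[0]
    if packet[9] != 17 or (flags_off & 0x1FFF) != 0:
        return None                       # non-first fragment: no transport header present
    return struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]

def summarize(payload_len=3000, dport=4500, mtu=1500):
    """Rows of (offset, MF, IP total length, UDP dport visible to a port match)."""
    rows = []
    for mf, off, chunk in fragment_udp(40000, dport, b"A" * payload_len, mtu):
        pkt = ip_header(mf, off, len(chunk)) + chunk
        rows.append((off, mf, len(pkt), visible_dport(pkt)))
    return rows

if __name__ == "__main__":
    for off, mf, total, port in summarize():
        print(f"offset={off:5d} MF={int(mf)} ip_len={total:5d} dport={port}")
```

Only the fragment at offset 0 yields a port; the later fragments are identifiable only by IP-level fields (addresses, protocol, IP ID, fragment offset).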