[Openswan Users] UDP fragmentation in Linux
Rolf Offermanns
roffermanns at sysgo.com
Mon Mar 7 09:42:27 CET 2005
On Friday 04 March 2005 20:11, Marcus Leech wrote:
> The question then is: why did my fragmentation-required packets not
> make it last night
> when PING packets (of 4000bytes) sailed through just fine. What does
> IPTABLES do
> when processing fragment trains? Does only the first fragment make it
> through (since it's
> the one with a UDP header)?
(the following is only valid, if connection tracking is used.)
If fragmented packets are processed by an iptables enabled host, they are put
together again. After that (if that host is a router) they are send to the
next hop getting fragmented as it fits the MTU of the iptables host.
HTH,
Rolf
--
Rolf Offermanns <roffermanns at sysgo.com>
SYSGO AG Tel.: +49-6136-9948-0
Am Pfaffenstein 14 Fax: +49-6136-9948-10
55270 Klein-Winternheim http://www.sysgo.com
More information about the Users
mailing list