From: Abraham van der Merwe <abz@frogfoot.net>
To: Ralf Spenneberg <lists@spenneberg.org>
Cc: Netfilter Discussions <netfilter@lists.netfilter.org>
Subject: Re: clearing dont-fragment bit
Date: Thu, 9 Oct 2003 18:50:49 +0200 [thread overview]
Message-ID: <20031009165049.GA4043@oasis.frogfoot.net> (raw)
In-Reply-To: <1065716586.5873.23.camel@kermit>
Hi Ralf >@2003.10.09_18:23:06_+0200
> > Are there any iptables extensions out there that allow you to clear the DF
> > (Dont Fragment) bit in ip headers?
> If you clear the DF-Bit and use Linux on either side of the tunnel where
> the packets are fragmented you are in deep trouble, because Linux 2.4
> (when using PMTU) not only sets the DF-Bit but also clears the IP-ID
> which is needed to defragment the packets again. So, when clearing the
> DF-Bit you have to ensure unique numbers in the IP-ID field, too.
Surely if I clear the DF-bit in the mangle table then the ipstack should
only defragment the packet later on when it made a routing decision and
decided over which interface to send the packet(s) and set the IP-ID fields
and MF-bit accordingly?
Are there any other side-effects when clearing the DF-bit?
--
Regards
Abraham
Who loves me will also love my dog.
-- John Donne
___________________________________________________
Abraham vd Merwe - Frogfoot Networks CC
9 Kinnaird Court, 33 Main Street, Newlands, 7700
Phone: +27 21 686 1665 Cell: +27 82 565 4451
Http: http://www.frogfoot.net/ Email: abz@frogfoot.net
next prev parent reply other threads:[~2003-10-09 16:50 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-10-09 13:43 clearing dont-fragment bit Abraham van der Merwe
2003-10-09 14:03 ` Maciej Soltysiak
2003-10-09 14:08 ` Abraham van der Merwe
2003-10-09 14:43 ` Ramin Dousti
2003-10-09 14:52 ` Abraham van der Merwe
2003-10-09 15:49 ` Ramin Dousti
2003-10-09 16:13 ` Abraham van der Merwe
2003-10-09 19:44 ` Ramin Dousti
2003-10-09 16:23 ` Ralf Spenneberg
2003-10-09 16:50 ` Abraham van der Merwe [this message]
2003-10-09 17:12 ` Ralf Spenneberg
2003-10-09 18:11 ` Abraham van der Merwe
2003-10-10 5:13 ` Ralf Spenneberg
2003-10-10 8:17 ` Abraham van der Merwe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20031009165049.GA4043@oasis.frogfoot.net \
--to=abz@frogfoot.net \
--cc=lists@spenneberg.org \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.