Stephen Hemminger wrote:
On Wed, 17 Aug 2005 23:28:13 +0200
Andi Kleen <[EMAIL PROTECTED]> wrote:

Some "L3 switches" do it by violating the layers and faking an ICMP fragmentation unreachable from the destination for DF=1 and otherwise fragmenting. But it's a big hack and probably nothing that
should be put into Linux.

Linux bridge netfilter with ip_conntrack is actually worse, it
allows the use of connection tracking, which defragments and refragments
packets without caring about IP_DF at all, thereby breaking pmtud.
There's also lots of other potential mis-interaction resulting from
using IP netfilter from the bridge layer - of course at least some
of it is questionable on the IP layer as well.
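
The two forwarding behaviours contrasted in this thread, as an added example that is not part of the original messages or of the Linux kernel source: a simplified model of what a hop does when a packet exceeds the egress MTU, either honouring DF by signalling ICMP fragmentation needed, or refragmenting regardless of DF so the sender never learns the path MTU. The helper names `build_hdr` and `forward`, the `honor_df` switch and the 1500/1400 byte sizes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DF_FLAG 0x4000 /* Don't Fragment bit in the IPv4 flags/offset field */

enum fwd_action { FWD_BAD, FWD_SEND, FWD_FRAGMENT, FWD_ICMP_FRAG_NEEDED };
struct fwd_result { enum fwd_action action; unsigned nfrags; uint16_t icmp_mtu; };

/* Build a minimal 20-byte IPv4 header (constructed sample input). */
static void build_hdr(uint8_t h[20], uint16_t tot_len, uint16_t frag_off)
{
    memset(h, 0, 20);
    h[0] = 0x45;                                  /* version 4, IHL 5 */
    h[2] = tot_len >> 8;  h[3] = tot_len & 0xff;  /* total length */
    h[6] = frag_off >> 8; h[7] = frag_off & 0xff; /* flags + fragment offset */
}

/* Egress decision for one packet (hypothetical model, not kernel code).
 * honor_df=1 follows RFC 791/1191; honor_df=0 refragments without checking DF. */
static struct fwd_result forward(const uint8_t *h, size_t hlen, uint16_t mtu, int honor_df)
{
    struct fwd_result r = { FWD_BAD, 0, 0 };
    if (hlen < 20 || (h[0] >> 4) != 4) return r;
    unsigned ihl = (h[0] & 0x0f) * 4u;
    unsigned tot = (h[2] << 8) | h[3];
    unsigned flags = (h[6] << 8) | h[7];
    if (ihl < 20 || ihl > hlen || tot < ihl) return r;
    if (tot <= mtu) { r.action = FWD_SEND; r.nfrags = 1; return r; }
    if (honor_df && (flags & DF_FLAG)) {
        r.action = FWD_ICMP_FRAG_NEEDED;   /* ICMP type 3 code 4, packet dropped */
        r.icmp_mtu = mtu;                  /* next-hop MTU reported to the sender */
        return r;
    }
    if (mtu < ihl + 8) return r;           /* no room for one 8-byte payload unit */
    unsigned per = (mtu - ihl) & ~7u;      /* per-fragment payload, multiple of 8 */
    r.action = FWD_FRAGMENT;               /* sender gets no PMTU feedback */
    r.nfrags = (tot - ihl + per - 1) / per;
    return r;
}

int main(void)
{
    uint8_t h[20];
    build_hdr(h, 1500, DF_FLAG);           /* 1500-byte packet with DF=1 */
    struct fwd_result a = forward(h, sizeof h, 1400, 1);
    struct fwd_result b = forward(h, sizeof h, 1400, 0);
    printf("honor DF:  action=%d icmp_mtu=%u\n", a.action, a.icmp_mtu);
    printf("ignore DF: action=%d nfrags=%u\n", b.action, b.nfrags);
    return 0;
}
```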