> On Wed, 4 Aug 2004, Bart De Schuymer wrote: > >> Due to a recent change in the bridge code, we now need a way of knowing >> if >> a packet has been defragmented. The bridge code now checks on the packet >> size and drops packets that are too big for the output port. >> Defragmented >> packets will get refragmented later, so they shouldn't be dropped. > > Well.. iptables does not really care why the packet is oversized. It > fragments any oversized packets. > > Why does the bridge need to? > The bridge doesn't even know it's IP. The there appears to be some ebtables code path that defragments packets, and in the process can decide to send a skb greater than the MTU of the device. Because of recent changes to allow bridging of an MTU size (previous limit was always 1500), the bridge now drops skb if skb->len > dev->mtu. Perhaps the problem is that ebtables filter is defragments because it is looking at the mtu of the incoming interface?
