On Tuesday 2010-03-23 13:38, Patrick McHardy wrote:
>
>> 1. sending the clone through a tunnel - admin can't do much about MTU getting
>> smaller here.
>
>It either happens locally (before encapsulation) or for the
>encapsulated packets, which isn't a problem.

That is what I am referring to. Suppose -j TEE is using a --gateway
address whose route resolves to

	default dev ipip0 [mtu 1480]

(There is no encapsulation or MTU decrease on the original path.)
The admin then has two possibilities, to either drop the clone,
or coerce the source into sending appropriately-sized packets.

>> 2. the PTB may take longer to reach the source due to internet
>> routing - nothing the admin can really influence either.
>
>He should make sure any messages generated in response to duplicated
>packets are not routed or dropped.