Re: [PATCH 8/9] netfilter: xtables: inclusion of xt_TEE

Jan Engelhardt wrote:
> On Tuesday 2010-03-23 13:38, Patrick McHardy wrote:
>>> 1. sending the clone through a tunnel - admin can't do much about MTU getting
>>> smaller here.
>> It either happens locally (before encapsulation) or for the
>> encapsulated packets, which isn't a problem.
> 
> That is what I am referring to. Suppose -j TEE is using
> a --gateway address whose route resolves to
> 
> default dev ipip0 [mtu 1480]
> 
> (There is no encapsulation or MTU decrease on the original path.) The
> admin then has two possibilities, to either drop the clone, or coerce
> the source into sending appropriately-sized packets.

True. He might also hack ipip to allow fragmentation of encapsulated
packets independent of the IP_DF flag of the original packet.

But in my opinion he should make sure not to send anything to the
source for duplicated packets.

BTW, I just noticed TEE is still using init_net. This should be
fixed.
