Hello. (2010/03/31 19:31), Jan Engelhardt wrote: > Patrick McHardy notes: "We used to invoke IPv4 POST_ROUTING after > fragmentation as well just to defragment the packets in conntrack > immediately afterwards, but that got changed during the > netfilter-ipsec integration. Ideally IPv6 would behave like IPv4." > > This patch makes it so. Sending an oversized frame (e.g. `ping6 > -s64000 -c1 ::1`) will now show up in POSTROUTING as a single skb > rather than multiple ones. I am not in favor doing this because we theoretically make fragments __before__ routing in output path (as we reassemble __after__ routing in input path). IMHO, FORWARDING and POSTROUTING share similar semantics from routing POV. As we see "fragments" in FORWARDING, we should see fragments in POST_ROUTING, at least in IPv6. --yoshfuji -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
