On Thursday 2010-04-01 12:50, YOSHIFUJI Hideaki wrote: >(2010/03/31 19:31), Jan Engelhardt wrote: >> Patrick McHardy notes: "We used to invoke IPv4 POST_ROUTING after >> fragmentation as well just to defragment the packets in conntrack >> immediately afterwards, but that got changed during the >> netfilter-ipsec integration. Ideally IPv6 would behave like IPv4." >> >> This patch makes it so. Sending an oversized frame (e.g. `ping6 >> -s64000 -c1 ::1`) will now show up in POSTROUTING as a single skb >> rather than multiple ones. > >I am not in favor doing this >because we theoretically make fragments __before__ routing >in output path (as we reassemble __after__ routing in input path). > >IMHO, FORWARDING and POSTROUTING share similar semantics >from routing POV. >As we see "fragments" in FORWARDING, we should see >fragments in POST_ROUTING, at least in IPv6. I don't have much of a problem with it, in fact, I also have a patch ready that would turn things around in the IPv4 section instead to match the IPv6 behavior. Or it could be ignored altogether since it is not crucial for IPSKB_REROUTED. Patrick? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
