Pascal Hambourg wrote: > Jan Engelhardt a écrit : >> On Thursday 2010-04-29 01:55, Stephen Hemminger wrote: >> >>> It seems that h323 conntrack module can't handle TCP fragments. >> Fragments should not normally happen, as nf_conntrack loads >> nf_defrag. > > What about IPv6 fragments ? IIUC the IPv6 conntrack only performs a > "virtual" reassembly. Can and do the conntrack helpers use the virtually > reassembled datagrams ? > > (Although IIUC TCP fragmentation should be very unlikely, as the TCP > layer is informed about the path MTU and should adjust the segment size > accordingly.) Yes, the "virtual" reassembled packet is also passed to the helpers. The message is most likely a false positive caused by non-H.323 traffic. I'll switch it to pr_debug(). -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
