Jiri Olsa wrote:
> On Fri, Jun 04, 2010 at 02:03:17PM +0200, Patrick McHardy wrote:
>
>> Jiri Olsa wrote:
>>
>>> hi,
>>>
>>> I'd like to be able to send out a single IP packet with MF flag set.
>>>
>>> When using RAW sockets the packet will get stuck in the
>>> netfilter (NF_INET_LOCAL_OUT nf_defrag_ipv4 reassembly unit)
>>> and won't ever make it out..
>>>
>>> I made a change which bypasses the outgoing reassembly for
>>> RAW sockets, but I'm not sure whether it's too invasive..
>>>
>> That would break reassembly (and thus connection tracking) for cases
>> where it's really intended.
>>
>>
>>> Is there any standard for RAW sockets behaviour?
>>> Or another way around? :)
>>>
>> You could use the NOTRACK target to bypass connection tracking.
>>
>
> ok,
>
> I tried the NOTRACK target, but the packet is still going
> through reassembly, because the RAW filter has lower priority
> than the connection track defragmentation..
>
Right.

> I was able to get it bypassed by attached patch and following
> command:
>
> iptables -v -t raw -A OUTPUT -p icmp -j NOTRACK
>
> again, not sure if this is too invasive ;)
>
Well, we can't change it in the mainline kernel.

> If this is not the way, I'd appreciate any hint.. my goal is
> to put malformed packet on the wire (more frags bit set for a
> non fragmented packet)

I don't have any good suggestions besides adding a flag to the IPCB
and skipping defragmentation based on that.
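
An added illustration, not part of the thread and not kernel code: a simplified Python model of the LOCAL_OUT hook ordering discussed above, showing why a NOTRACK rule in the raw table is never reached for a packet with MF set. The priority values are those of the kernel's `enum nf_ip_hook_priorities`; the hook functions, verdict strings and the sample header (documentation addresses) are constructed assumptions.

```python
import struct

# Hook priorities from the kernel's enum nf_ip_hook_priorities (lower runs first).
NF_IP_PRI_CONNTRACK_DEFRAG = -400
NF_IP_PRI_RAW = -300
NF_IP_PRI_CONNTRACK = -200

IP_MF = 0x2000      # "more fragments" flag
IP_OFFSET = 0x1FFF  # fragment offset mask


def build_header(mf=False, offset=0):
    """Constructed 20-byte IPv4 header (ICMP, checksum left zero) for the demo."""
    frag = (IP_MF if mf else 0) | (offset & IP_OFFSET)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, frag, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


def is_fragment(header):
    """Fragment test modelled on the defrag hook: MF set or a non-zero offset."""
    (frag,) = struct.unpack_from("!H", header, 6)
    return bool(frag & (IP_MF | IP_OFFSET))


def defrag_hook(pkt, state):
    # A lone fragment is queued for reassembly and leaves the hook chain.
    return "STOLEN" if is_fragment(pkt) else "ACCEPT"


def raw_hook(pkt, state):
    state["notrack"] = True  # models: iptables -t raw -A OUTPUT -p icmp -j NOTRACK
    return "ACCEPT"


def conntrack_hook(pkt, state):
    state["tracked"] = not state.get("notrack", False)
    return "ACCEPT"


HOOKS = [(NF_IP_PRI_RAW, "raw", raw_hook),
         (NF_IP_PRI_CONNTRACK, "conntrack", conntrack_hook),
         (NF_IP_PRI_CONNTRACK_DEFRAG, "defrag", defrag_hook)]


def local_out(pkt):
    """Run the hooks in priority order; return (verdict, hooks visited, state)."""
    state, visited = {}, []
    for _prio, name, fn in sorted(HOOKS, key=lambda h: h[0]):
        visited.append(name)
        if fn(pkt, state) != "ACCEPT":
            return "STOLEN", visited, state
    return "ACCEPT", visited, state
```

In this model a header with MF set stops at the defrag hook before the raw table runs, while an unfragmented header passes through raw and is marked untracked.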