Re: ip6tables breaks dnssec?

On 04/27/2011 01:22 PM, Jan Engelhardt wrote:
> On Wednesday 2011-04-27 12:43, Ulrich Weber wrote:
> 
>> Each fragmented IPv6 packet will traverse netfilter separately,
>> in contrast to IPv4, where it's only one refragmented packet.
> 
> Not really. All fragments enter nf_hook_slow, be it IPv4 or IPv6.
> It's just that nf_defrag - which is a netfilter module - collects and 
> suppresses fragments before spitting out the unfragmented one.

nf_ct_frag6_output() sends each fragment itself through netfilter.

Personally I don't like this and would rather see that IPv6 behaves the
same way as IPv4, sending the unfragmented packet through netfilter...


Cheers
 Ulrich