Re: [PATCH 1/1] netfilter: Add possibility to turn off netfilters defrag per netns

Hello Jozsef

On Wednesday 04 January 2012 09:28:05 Jozsef Kadlecsik wrote:
> Hi Hans,
> 
> On Wed, 4 Jan 2012, Hans Schillstrom wrote:
> 
> > In some cases it is not desirable to have auto defrag.
> > Ex. in a cluster where packets can arrive on different blades.
> > In that case it is possible to use containers (LXC) and send
> > all fragments to one place where defrag is enabled.
> > 
> > This patch makes it possible to turn off the defrag per network name space,
> > by setting net.netfilter.nf_conntrack_nodefrag to 1.
> > Both IPv4 and IPv6 are affected by this sysctl.
> > Default is 0 which is defrag.
> 
> Conntrack assumes that the packets are defragmented and will drop any 
> unfragmented one. So your patch results in packet drops.

Hmmm, more work...
> 
> Also, if you want to disable defragmentation then why don't you simply 
> "mark" the packets with the NOTRACK target?

I don't think that will work since NF_IP_PRI_CONNTRACK_DEFRAG is -400.

> 
> Best regards,
> Jozsef
>  

-- 
Regards
Hans Schillstrom <hans.schillstrom@xxxxxxxxxxxx>
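The two points raised in this exchange, that conntrack expects whole packets and that a raw-table NOTRACK rule cannot prevent defragmentation because the defrag hook sits at a lower priority, can be checked with a small model of a netfilter hook chain. The block below is an added example, not code from the patch or from the netfilter tree. The three priority constants are the real values from the kernel headers (NF_IP_PRI_CONNTRACK_DEFRAG = -400, NF_IP_PRI_RAW = -300, NF_IP_PRI_CONNTRACK = -200); the struct names, the hook bodies, the "nodefrag" knob standing in for the proposed sysctl, and the simplification that conntrack drops any fragment it sees are all assumptions made for the demonstration.

```c
/* Added example, not code from the patch or the netfilter tree: a toy model
 * of a PRE_ROUTING hook chain. Hooks run in ascending priority order, so the
 * defrag hook (-400) sees every fragment before the raw table (-300) can set
 * a NOTRACK mark; with defrag off, a fragment reaches conntrack (-200), which
 * is modelled here as dropping it, as Jozsef describes.
 * Priority constants are real kernel values; everything else is invented. */
#include <stdbool.h>
#include <stdio.h>

#define NF_IP_PRI_CONNTRACK_DEFRAG (-400)
#define NF_IP_PRI_RAW              (-300)
#define NF_IP_PRI_CONNTRACK        (-200)

#define NF_DROP   0
#define NF_ACCEPT 1

/* Hypothetical packet state: what each hook sees and leaves behind. */
struct toy_skb {
    bool is_fragment;              /* still a fragment when a hook sees it */
    bool notrack;                  /* NOTRACK mark set by the raw table */
    bool defragmented;             /* reassembled by the defrag hook */
    bool defrag_ran_before_notrack;/* defrag saw the packet unmarked */
};

typedef int (*toy_hookfn)(struct toy_skb *skb);

struct toy_hook {
    const char *name;
    int priority;
    toy_hookfn fn;
};

/* Defrag hook: reassembles fragments regardless of any marks they carry. */
static int defrag_hook(struct toy_skb *skb)
{
    if (skb->is_fragment) {
        skb->defrag_ran_before_notrack = !skb->notrack;
        skb->is_fragment = false;
        skb->defragmented = true;
    }
    return NF_ACCEPT;
}

/* Raw table holding a NOTRACK rule: marks the packet as untracked. */
static int raw_notrack_hook(struct toy_skb *skb)
{
    skb->notrack = true;
    return NF_ACCEPT;
}

/* Conntrack: skips NOTRACK'd packets, assumes everything else is whole
 * (modelled as dropping fragments, per the objection in the thread). */
static int conntrack_hook(struct toy_skb *skb)
{
    if (skb->notrack)
        return NF_ACCEPT;
    return skb->is_fragment ? NF_DROP : NF_ACCEPT;
}

#define MAX_HOOKS 8
struct toy_chain {
    struct toy_hook hooks[MAX_HOOKS];
    int n;
};

/* Insertion sort by ascending priority: registration order is irrelevant. */
static void toy_register_hook(struct toy_chain *c, struct toy_hook h)
{
    int i = c->n;
    while (i > 0 && c->hooks[i - 1].priority > h.priority) {
        c->hooks[i] = c->hooks[i - 1];
        i--;
    }
    c->hooks[i] = h;
    c->n++;
}

/* Run one incoming fragment through the chain. nodefrag models the proposed
 * sysctl (hook not registered); notrack models a raw-table NOTRACK rule. */
int toy_pre_routing(bool nodefrag, bool notrack, struct toy_skb *out)
{
    struct toy_chain c = { .n = 0 };
    struct toy_skb skb = { .is_fragment = true };

    /* Registered out of priority order on purpose. */
    toy_register_hook(&c, (struct toy_hook){ "conntrack", NF_IP_PRI_CONNTRACK, conntrack_hook });
    if (notrack)
        toy_register_hook(&c, (struct toy_hook){ "raw/NOTRACK", NF_IP_PRI_RAW, raw_notrack_hook });
    if (!nodefrag)
        toy_register_hook(&c, (struct toy_hook){ "defrag", NF_IP_PRI_CONNTRACK_DEFRAG, defrag_hook });

    int verdict = NF_ACCEPT;
    for (int i = 0; i < c.n && verdict == NF_ACCEPT; i++)
        verdict = c.hooks[i].fn(&skb);

    if (out)
        *out = skb;
    return verdict;
}

/* Small accessors so the outcomes can be checked as plain return values. */
int toy_verdict(bool nodefrag, bool notrack)
{
    return toy_pre_routing(nodefrag, notrack, NULL);
}

bool toy_defragmented(bool nodefrag, bool notrack)
{
    struct toy_skb s;
    toy_pre_routing(nodefrag, notrack, &s);
    return s.defragmented;
}

bool toy_defrag_beat_notrack(bool nodefrag, bool notrack)
{
    struct toy_skb s;
    toy_pre_routing(nodefrag, notrack, &s);
    return s.defrag_ran_before_notrack;
}

int main(void)
{
    printf("defrag on,  no NOTRACK: verdict=%d defragmented=%d\n",
           toy_verdict(false, false), toy_defragmented(false, false));
    printf("defrag off, no NOTRACK: verdict=%d (fragment reached conntrack)\n",
           toy_verdict(true, false));
    printf("defrag on,  NOTRACK:    defragmented=%d, defrag ran first=%d\n",
           toy_defragmented(false, true), toy_defrag_beat_notrack(false, true));
    return 0;
}
```

The ordering is the whole point: because the chain is walked from the most negative priority upward, nothing a later table does can retroactively stop the defrag hook, which is why a per-netns knob that removes the hook is a different mechanism from a NOTRACK rule, and why removing it then has to be reconciled with conntrack's expectation of whole packets.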
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html