>On Thu, Jun 14, 2012 at 07:52:23PM +0200, Pablo Neira Ayuso wrote:
>> On Thu, Jun 14, 2012 at 08:17:35AM +0200, Hans Schillstrom wrote:
>> > Hello,
>> >
>> > I think it is wrong to always force the DF bit in IPv4, it's better
>> > to have an option. If an application doesn't set the DF bit, usually it
>> > doesn't expect to get an icmp back either. The result is that the
>> > packet will be dropped...
>
>I don't understand what effect you're observing to propose this
>change. Could you clarify this?

Ex. syslog does not use DF, it relies on L3 fragmentation handling.
So when sending big syslog datagrams to the "copy" with the DF bit set, the receiver will drop the packets and send back an ICMP "packet too big", which is not handled by syslog...

/Hans