Jan Engelhardt <jengelh@xxxxxxx> wrote: > On Friday 2012-06-15 14:51, Hans Schillstrom wrote: > > > Here's another point I remember why we forced IP_DF: we want to keep > the packet as-is. The receiver of the cloned packet (often a logger) > has no way of autonomously knowing whether the packet was already > fragmented originally as it came into the cloner, or whether > fragmentation is a doing of the cloner. Except that, if the path mtu was too low, it doesn't even receive that packet. If the sender does PMTUD, that might be ok since future packets will be reduced in size. But if the sender doesn't do PMTUD (and 'DF not set' indicates that) your 'clone receiver' will never get any data at all... TEE really shouldn't force DF. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
