On Fri, May 02, 2014 at 03:32:16PM +0200, Florian Westphal wrote: > else we may fail to forward skb even if original fragments do fit > outgoing link mtu: > > 1. remote sends 2k packets in two 1000 byte frags, DF set > 2. we want to forward but only see '2k > mtu and DF set' > 3. we then send icmp error saying that outgoing link is 1500 > > But original sender never sent a packet that would not fit > the outgoing link. > > Setting local_df makes outgoing path test size vs. > IPCB(skb)->frag_max_size, so we will still send the correct > error in case the largest original size did not fit > outgoing link mtu. Thanks Florian for picking up this issue posted in netdev and cooking a patch for it. Enqueued to the nf tree. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
