Re: [NFQUEUE] lack of UID/GID fields in fragmented packets

Piotr Sawicki <piotr.sawicki@xxxxxxxxx> wrote:
> Everything works fine until I try to send huge packets. When the size of
> these packets is larger than MTU then the fragmentation occurs. I've
> observed that the first fragment has valid UID and GID fields, but the rest
> of the fragments do not include them.
> 
> I've found that the remedy for this concern is to set NFQA_CFG_F_GSO flag.

All users should set this flag.

We can't make it default because it breaks old applications
that can't deal with large (offload) packets.

> I've found that when the fragmentation procedure splits the packet into
> fragments, it keeps a valid sk only in the first fragment. Therefore, it is
> impossible to fetch valid UID and GID fields from the rest of the fragments.
> 
> Is it intended behavior, or is it a bug?

Neither.  UID code was added later, so this wasn't a problem.
I would suggest to just set F_GSO flag; it has no disadvantages.
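
An added example, not part of the original message and not code from the kernel or libnetfilter_queue: a consumer-side check that walks the attributes of one queued-packet message and reports whether NFQA_UID and NFQA_GID were actually delivered, so a missing owner (the later-fragment case described above) is not mistaken for UID 0. The names `nfq_owner`, `put_u32`, `struct owner` and `struct attr_hdr` are hypothetical, the sample input is constructed, and the attribute numbers are repeated from `linux/netfilter/nfnetlink_queue.h`.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

/* Attribute numbers from linux/netfilter/nfnetlink_queue.h, repeated here so
 * the example builds without the kernel headers. */
enum { NFQA_MARK = 3, NFQA_UID = 16, NFQA_GID = 17 };

struct attr_hdr { uint16_t len, type; };   /* same layout as struct nlattr */
struct owner { int has_uid, has_gid; uint32_t uid, gid; };

/* Walk the attributes that follow struct nfgenmsg in one queued-packet
 * message. Returns 1 if both UID and GID were delivered, 0 if either is
 * absent (the later-fragment case from the thread), -1 if malformed. */
int nfq_owner(const uint8_t *buf, size_t len, struct owner *o)
{
    memset(o, 0, sizeof(*o));
    while (len >= sizeof(struct attr_hdr)) {
        struct attr_hdr h;
        uint32_t v;
        memcpy(&h, buf, sizeof(h));        /* header is in host byte order */
        if (h.len < sizeof(h) || h.len > len)
            return -1;
        uint16_t type = h.type & 0x3fff;   /* strip nested/byte-order flag bits */
        if (type == NFQA_UID || type == NFQA_GID) {
            if (h.len != sizeof(h) + sizeof(v))
                return -1;
            memcpy(&v, buf + sizeof(h), sizeof(v));
            v = ntohl(v);                  /* kernel sends both as big-endian u32 */
            if (type == NFQA_UID) { o->uid = v; o->has_uid = 1; }
            else                  { o->gid = v; o->has_gid = 1; }
        }
        size_t step = (h.len + 3u) & ~3u;  /* attributes are padded to 4 bytes */
        if (step > len)
            step = len;                    /* last attribute may omit padding */
        buf += step;
        len -= step;
    }
    return len == 0 ? (o->has_uid && o->has_gid) : -1;
}

/* Builds constructed sample input: appends one u32 attribute at offset off. */
size_t put_u32(uint8_t *buf, size_t off, uint16_t type, uint32_t val)
{
    struct attr_hdr h = { sizeof(h) + sizeof(val), type };
    val = htonl(val);
    memcpy(buf + off, &h, sizeof(h));
    memcpy(buf + off + sizeof(h), &val, sizeof(val));
    return off + sizeof(h) + sizeof(val);
}
```

A return value of 0 means the kernel attached no owner to that message; the caller decides how to treat such packets instead of reading an unset `uid`.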



