This breaks connection tracking for packets coming in via such
interfaces.
Nowadays we only enable defrag in a network namespace if the ip/nftables
ruleset requires it, so this setting would be counter-productive.
Hi Florian
This use case is run on an Android-based device, so there will be only
the init namespace. While the specific rmnet interfaces for wifi calling
do not require conntrack / iptables, some other scenarios like NAT on other
interfaces may trigger the load of the defrag module. Hence, we needed
this interface-specific way of preventing defrag.
An example of this usage is for fixing wifi calling on networks
where certain routers are configured to drop fragments explicitly.
Yay... does that happen for all frags or is this related to df bit
somehow?
Based on our observations, the routers usually drop all fragmented
packets, possibly for security reasons.
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project