search for: ip_refrag

...r, src port, dst addr, and dst port, arrive very close together, then only the first one accepted by our software actually makes it back out to the wire; the others are silently dropped. Analysis We instrumented the kernel to find out where the drop was occurring. The code doing the dropping was ip_refrag() in net/ipv4/netfilter/ip_conntrack_standalone.c, specifically: /* We've seen it coming out the other side: confirm */ if (ip_confirm(hooknum, pskb, in, out, okfn) != NF_ACCEPT) return NF_DROP; The dropping is caused by a race between the first packet of a giv...

Hi, I have just configured a Linux box with kernel 2.6.16.7 and configured two ethernet interfaces (with MTU 1500) in bridge mode. CONFIG_BRIDGE_NETFILTER is enabled. The problem is that ping -s 1500 192.168.0.2 doesn't work from 192.168.0.1 if the systems are separated by the bridge. Normal ping with smaller packet size works ok. What is wrong? Best Regards Fulvio Ricciardi

Hello, Due to a recent change in the bridge code, we now need a way of knowing if a packet has been defragmented. The bridge code now checks on the packet size and drops packets that are too big for the output port. Defragmented packets will get refragmented later, so they shouldn't be dropped. I've been reading the defragmentation code and can't find an easy way of knowing if a

...eader_size, header_size); } struct bridge_skb_cb { --- linux-2.6.0-test6/net/bridge/br_forward.c Sun Sep 28 02:50:15 2003 +++ linux-2.6.0-test6-new/net/bridge/br_forward.c Mon Oct 6 20:19:32 2003 @@ -35,8 +35,7 @@ int br_dev_queue_push_xmit(struct sk_buf { #ifdef CONFIG_BRIDGE_NETFILTER /* ip_refrag calls ip_fragment, which doesn't copy the MAC header. */ - if (skb->nf_bridge) - memcpy(skb->data - 16, skb->nf_bridge->hh, 16); + nf_bridge_maybe_copy_header(skb); #endif skb_push(skb, ETH_HLEN); --- linux-2.6.0-test6/net/8021q/vlan_dev.c Sun Sep 28 02:51:00 2003 +++ linux-2....