* ipq_set_verdict problem in bridge+iptables [not found] <20030712222620.28732.48265.Mailman@kashyyyk> @ 2003-07-13 3:11 ` Yong Li 2003-07-14 8:07 ` Harald Welte 0 siblings, 1 reply; 3+ messages in thread From: Yong Li @ 2003-07-13 3:11 UTC (permalink / raw) To: netfilter-devel Hello All, I encountered a problem with the ipq_set_verdict function. I want to modify the packet content and size using the ipq_set_verdict function. However, I found I cannot change the IP packet size more than 400+ bytes. Is it a known issue? Thanks in advance! Yong ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: ipq_set_verdict problem in bridge+iptables 2003-07-13 3:11 ` ipq_set_verdict problem in bridge+iptables Yong Li @ 2003-07-14 8:07 ` Harald Welte [not found] ` <001c01c34a6f$97af4fe0$8501a8c0@dev> 0 siblings, 1 reply; 3+ messages in thread From: Harald Welte @ 2003-07-14 8:07 UTC (permalink / raw) To: Yong Li; +Cc: netfilter-devel [-- Attachment #1: Type: text/plain, Size: 1020 bytes --] On Sun, Jul 13, 2003 at 11:11:16AM +0800, Yong Li wrote: > Hello All, > > I encountered a problem with the ipq_set_verdict function. I want to modify > the packet content and size using the ipq_set_verdict function. However, I > found I cannot change the IP packet size more than 400+ bytes. Is it a known > issue? what do you mean by 'I cannot' ? What happens? Is an error returned to the ipq_set_verdict() call? Is the packet silently discarded? Is the packet truncated? Anyway, it should work. But if you exceed the outgoing interface's MTU, I could imagine that no fragmentation happens... > Thanks in advance! > Yong -- - Harald Welte <laforge@netfilter.org> http://www.netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie [-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
[parent not found: <001c01c34a6f$97af4fe0$8501a8c0@dev>]
* Re: ipq_set_verdict problem in bridge+iptables [not found] ` <001c01c34a6f$97af4fe0$8501a8c0@dev> @ 2003-07-15 3:24 ` Yong 0 siblings, 0 replies; 3+ messages in thread From: Yong @ 2003-07-15 3:24 UTC (permalink / raw) To: Yong, Harald Welte; +Cc: netfilter-devel ----- Original Message ----- From: "Yong" <sdssly@sina.com> To: "Harald Welte" <laforge@netfilter.org> Cc: <netfilter-devel@lists.netfilter.org> Sent: Tuesday, July 15, 2003 9:22 AM Subject: Re: ipq_set_verdict problem in bridge+iptables > Hello Harald, > > Thank you for your emails! > > I want to use the iptable_queue in bridge+iptables environment. I can get the packet in userspace using -j QUEUE command. However, If I change the packet size. for example, I change the ping icmp packet size to 400, the packet Ethernet header is changed. In my test, the MAC address is changed to 0xffffffffff. I can capture this packet using sniffer tool. Since the MAC address is changed, the other computer cannot receive the ICMP packet. > > It seems that the bridge iptables patch changed something in the function ipq_set_verdict(). > > Regarding the MTU issue, you are right. the ipq_set_verdict function does not perform the IP fragment. If I send a packet larger than MTU, it is missing. Is it by design? > > Can I modify the ipq_set_verdict function to perform the IP fragment? Is there any patch for this IP fragment issue? > > Thank you again for your help! > > Yong > > ----- Original Message ----- > From: "Harald Welte" <laforge@netfilter.org> > To: "Yong Li" <sdssly@sina.com> > Cc: <netfilter-devel@lists.netfilter.org> > Sent: Monday, July 14, 2003 4:07 PM > Subject: Re: ipq_set_verdict problem in bridge+iptables > > On Sun, Jul 13, 2003 at 11:11:16AM +0800, Yong Li wrote: > > Hello All, > > > > I encountered a problem with the ipq_set_verdict function. I want to modify > > the packet content and size using the ipq_set_verdict function. However, I > > found I cannot change the IP packet size more than 400+ bytes. Is it a known > > issue? > > what do you mean by 'I cannot' ? What happens? Is an error returned to > the ipq_set_verdict() call? Is the packet silently discarded? Is the > packet truncated? > > Anyway, it should work. But if you exceed the outgoing interface's MTU, > I could imagine that no fragmentation happens... > > > Thanks in advance! > > Yong ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-07-15 3:24 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20030712222620.28732.48265.Mailman@kashyyyk>
2003-07-13 3:11 ` ipq_set_verdict problem in bridge+iptables Yong Li
2003-07-14 8:07 ` Harald Welte
[not found] ` <001c01c34a6f$97af4fe0$8501a8c0@dev>
2003-07-15 3:24 ` Yong
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.