In some email I received from Hans Werner Strube, sie wrote: > From: Darren Reed Wed, 22 Dec 2004 > > "keep frags" doesn't work with certain Linux kernels that generate > > fragments. This is a known issue with Linux. Is the NFSSERVER host > > running Linux? > > The NFSSERVER (which is not under my control) runs Linux, but ipfilter runs > in Solaris 7_x86. This issue should not depend on the server's OS, since the > fragmentation is necessary when the NFS rsize + packet headers exceeds the > MTU (=1500 bytes). Or are the fragments from a Linux server in a nonstandard > format not recognized by ipf?
Right. This seems to come up often - the Linux server is fragmenting and sending out packets in an order that is the inverse of what everyone else does and in an order that prevents "keep frags" from working. > I could reduce rsize to, e.g., 1300. But one should be aware that there > seems to be a keep state problem with UDP. There isn't. The problem is with Linux (2.4?) & fragmentation of IP packets. Darren
