On 7/1/2020 1:52 PM, Cong Wang wrote: > On Tue, Jun 30, 2020 at 7:36 PM wenxu <we...@ucloud.cn> wrote: >> >> On 7/1/2020 3:02 AM, Cong Wang wrote: >>> On Mon, Jun 29, 2020 at 7:55 PM <we...@ucloud.cn> wrote: >>>> From: wenxu <we...@ucloud.cn> >>>> >>>> The fragment packets do defrag in act_ct module. The reassembled packet >>>> over the mtu in the act_mirred. This big packet should be fragmented >>>> to send out. >>> This is too brief. Why act_mirred should handle the burden introduced by >>> act_ct? And why is this 158-line change targeting -net not -net-next? >> Hi Cong, >> >> In the act_ct the fragment packets will defrag to a big packet and do >> conntrack things. >> >> But in the latter filter mirred action, the big packet normally send over >> the mtu of outgoing device. >> >> So in the act_mirred send the packet should fragment. > Why act_mirred? Not, for a quick example, a new action called act_defrag? > I understand you happen to use the combination of act_ct and act_mirred, > but that is not the reason we should make act_mirred specifically work > for your case.
Only forward packet case need do fragment again and there is no need do defrag explicit.
