readme.eng: beautify

This commit is contained in:
bol-van 2022-02-06 12:39:23 +03:00
parent f05e39a527
commit 2d6f26a6c1

View File

@ -424,7 +424,7 @@ ipv4 : Linux allows to send ipv4 fragments but standard firewall rules in OUTPUT
ipv6 : There's no way for an application to reliably send fragments without defragmentation by conntrack. ipv6 : There's no way for an application to reliably send fragments without defragmentation by conntrack.
Sometimes it works, sometimes system defragments packets. Sometimes it works, sometimes system defragments packets.
Looks like kernels <4.16 have no simple way to solve this problem. Unloading of nf_conntrack module Looks like kernels <4.16 have no simple way to solve this problem. Unloading of `nf_conntrack` module
and its dependency `nf_defrag_ipv6` helps but this severely impacts functionality. and its dependency `nf_defrag_ipv6` helps but this severely impacts functionality.
Kernels 4.16+ exclude from defragmentation untracked packets. Kernels 4.16+ exclude from defragmentation untracked packets.
See `blockcheck.sh` code for example. See `blockcheck.sh` code for example.