From f05e39a527b8c253b851bec9d33e8b6f6c29cfc1 Mon Sep 17 00:00:00 2001 From: bol-van Date: Sun, 6 Feb 2022 12:38:49 +0300 Subject: [PATCH] readme.eng: beautify --- docs/readme.eng.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/readme.eng.md b/docs/readme.eng.md index 75c76d1..5fe0b48 100644 --- a/docs/readme.eng.md +++ b/docs/readme.eng.md @@ -425,14 +425,14 @@ ipv4 : Linux allows to send ipv4 fragments but standard firewall rules in OUTPUT ipv6 : There's no way for an application to reliably send fragments without defragmentation by conntrack. Sometimes it works, sometimes system defragments packets. Looks like kernels <4.16 have no simple way to solve this problem. Unloading of nf_conntrack module -and its dependency nf_defrag_ipv6 helps but this severely impacts functionality. +and its dependency `nf_defrag_ipv6` helps but this severely impacts functionality. Kernels 4.16+ exclude from defragmentation untracked packets. See `blockcheck.sh` code for example. Sometimes it's required to load `ip6table_raw` kernel module with parameter raw_before_defrag=1. In openwrt module parameters are specified after module names separated by space in files located in `/etc/modules.d`. -In traditional linux check whether `iptables-legacy` or `iptables-nft` are used. If legacy create the file +In traditional linux check whether `iptables-legacy` or `iptables-nft` is used. If legacy create the file `/etc/modprobe.d/ip6table_raw.conf` with the following content : ``` options ip6table_raw raw_before_defrag=1