From mboxrd@z Thu Jan 1 00:00:00 1970 From: Philip Craig Subject: Re: ipt_tcpmss_target: bad length Date: Mon, 18 Aug 2003 13:03:21 +1000 Sender: netfilter-admin@lists.netfilter.org Message-ID: <3F4041F9.1030004@snapgear.com> References: <269A1D930039744AB5A54123F2D74BCD4A49@dc0.nl.corp.keenondots.net> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <269A1D930039744AB5A54123F2D74BCD4A49@dc0.nl.corp.keenondots.net> Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: Content-Type: text/plain; charset="us-ascii"; format="flowed" To: Laurens van Alphen Cc: netfilter@lists.netfilter.org Laurens van Alphen wrote: > Today, I received this kernel log entry via e-mail: > > Aug 17 14:19:17 filter0 kernel: ipt_tcpmss_target: bad length (472 > bytes) > > Using Google, I could not find a single useful meaning of this message. Here's the comment from the source code which explains it: /* Since it passed flags test in tcp match, we know it is is not a fragment, and has data >= tcp header length. SYN packets should not contain data: if they did, then we risk running over MTU, sending Frag Needed and breaking things badly. --RR */ In other words, SYN packets cannot have data, so the total length of the packet must be the same as the tcp header length, otherwise it is a bad length. -- Philip Craig - philipc@snapgear.com - http://www.SnapGear.com SnapGear - Custom Embedded Solutions and Security Appliances