From: Patrick McHardy <kaber@trash.net>
To: Andreas Steinmetz <ast@domdv.de>
Cc: Linux Kernel Mailinglist <linux-kernel@vger.kernel.org>,
netfilter-devel@lists.netfilter.org
Subject: Re: mss to pmtu clamping partially broken?
Date: Fri, 29 Jun 2007 14:03:07 +0200 [thread overview]
Message-ID: <4684F4FB.9070807@trash.net> (raw)
In-Reply-To: <4684F3D8.1080800@domdv.de>
Andreas Steinmetz wrote:
> Patrick McHardy wrote:
>
>>Andreas Steinmetz wrote:
>>
>>>[...]
>>>The tcpdump on the client shows that the mss of the incoming syn reply
>>>packet is *NOT* clamped to the ppp interface mtu.
>>
>>
>>You forgot to mention *how* you're clamping the MSS. Using
>>TCPMSS? Do you have a rule for incoming packets?
>>
>
>
> The relevant iptables commands I do use for masquerading and clamping are:
>
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
> --clamp-mss-to-pmtu
Two things here:
- tcpdumps on ppp0 will show unclamped packets since they haven't
been forwarded yet
- assuming you have ethernet internally, the PMTU from your router
to the internal hosts is 1500, so it won't do any clamping.
Does that explain it?
A useful thing for TCPMSS for routers would be to clamp to the
minimum of the PMTU of both directions. But thats not supported
so far.
next prev parent reply other threads:[~2007-06-29 12:03 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-29 11:09 mss to pmtu clamping partially broken? Andreas Steinmetz
2007-06-29 11:39 ` Patrick McHardy
2007-06-29 11:58 ` Andreas Steinmetz
2007-06-29 12:03 ` Patrick McHardy [this message]
2007-06-29 12:06 ` Andreas Steinmetz
2007-06-29 12:13 ` Patrick McHardy
2007-06-29 12:16 ` Andreas Steinmetz
2007-07-02 17:02 ` Andreas Steinmetz
2007-06-30 8:35 ` Jan Engelhardt
2007-07-02 17:04 ` Andreas Steinmetz
2007-07-02 18:28 ` Phil Dibowitz
2007-07-02 19:16 ` Krzysztof Oledzki
2007-07-02 19:35 ` Phil Dibowitz
2007-07-02 19:50 ` Krzysztof Oledzki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4684F4FB.9070807@trash.net \
--to=kaber@trash.net \
--cc=ast@domdv.de \
--cc=linux-kernel@vger.kernel.org \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox