From: William Allen Simpson <william.allen.simpson@gmail.com>
To: Simon Arlott <simon@fire.lp0.eu>
Cc: netdev <netdev@vger.kernel.org>,
Patrick McHardy <kaber@trash.net>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] xt_TCPMSS: SYN packets are allowed to contain data
Date: Tue, 19 Jan 2010 10:44:50 -0500 [thread overview]
Message-ID: <4B55D372.4020807@gmail.com> (raw)
In-Reply-To: <dad314e12c5750b1b5d70c3ea3c6f6134b8fa0f3@8b5064a13e22126c1b9329f0dc35b8915774b7c3.invalid>
Simon Arlott wrote:
> On Tue, January 19, 2010 09:17, William Allen Simpson wrote:
>> 2) There certainly *can* be data on SYN. That code is already in
>> 2.6.33....
>
> I could change the comment too, but the same logic applies when
> there is data and no MSS option - the packet can't be increased
> in size if it would then exceed 576 bytes and/or the destination
> MTU.
>
Please change the comment.
If there is no MSS option, it should *not* be added, under *ANY*
circumstances. That violates the end-to-end arguments (some call
them principles).
MSS isn't about the _destination_ MTU, it's about the *source*.
If you cannot guarantee you know the source MTU, there's no basis
for deciding the MSS.
While I understand that sometimes it's useful to reduce (never,
NEVER, *NEVER* increase) the MSS as a packet goes into a tunnel
(because there are problems in some NAT'd networks with determining
Path MTU via ICMP), I'm not aware of any circumstance where the MSS
would need to be reduced below 536.
I'm having some difficulty figuring out how this code originated --
with a nice log entry explaining the exact manufacturer's device
and network topology that the contributor had in mind?
> If it's possible to know that the packet can have an additional
> option added without exceeding MTU then this could be changed.
> The data part would need to be moved to make space at the end of
> the header.
>
No options should be added to TCP in a router -- ever!
next prev parent reply other threads:[~2010-01-19 15:44 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-18 21:08 [PATCH] xt_TCPMSS: SYN packets are allowed to contain data Simon Arlott
2010-01-19 9:17 ` William Allen Simpson
2010-01-19 9:30 ` Patrick McHardy
2010-01-19 12:43 ` Simon Arlott
2010-01-19 12:53 ` Patrick McHardy
2010-01-19 12:50 ` Simon Arlott
2010-01-19 15:44 ` William Allen Simpson [this message]
2010-01-20 12:59 ` Simon Arlott
2010-01-20 21:21 ` Simon Arlott
2010-01-20 21:39 ` Jan Engelhardt
2010-01-20 21:41 ` Jan Engelhardt
2010-01-20 21:51 ` Simon Arlott
2010-01-20 22:22 ` Amos Jeffries
2010-01-20 23:14 ` Patrick McHardy
2010-01-21 12:47 ` Simon Arlott
2010-01-21 12:58 ` Jan Engelhardt
2010-01-21 13:02 ` Patrick McHardy
2010-01-21 20:13 ` Simon Arlott
2010-02-02 14:34 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B55D372.4020807@gmail.com \
--to=william.allen.simpson@gmail.com \
--cc=kaber@trash.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=simon@fire.lp0.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).