From: Phil Oester
Subject: Re: [PATCH 3/5] netfilter: xt_TCPMSS: Fix violation of RFC879 in absence of MSS option
Date: Mon, 10 Jun 2013 03:19:54 -0400
Message-ID: <20130610071954.GA13500@gmail.com>
References: <1370880461-4265-1-git-send-email-pablo@netfilter.org> <1370880461-4265-4-git-send-email-pablo@netfilter.org>
Cc: Pablo Neira Ayuso, netfilter-devel@vger.kernel.org, davem@davemloft.net, netdev@vger.kernel.org
To: David Laight

On Tue, Jun 11, 2013 at 09:43:07AM +0100, David Laight wrote:
> Is setting the mss to 536 actually ever sensible?
> RFC 879 might say that it is the default (and the minimum
> that must be supported), but in practice the actual mss
> is very likely to be only slightly shorter than the standard
> ethernet mss.
> Although strict conformance with RFC 879 might require the mss
> be clamped to 536, pragmatically a value much nearer 1400 would
> make sense - systems with very low mtu/mss are probably likely
> to advertise it.

Read the associated bugzilla - there was at least one real world example
where setting a higher MSS was causing breakage.

Phil

https://bugzilla.netfilter.org/show_bug.cgi?id=662
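The rule this thread argues over, as an added example that is not part of the original message and not the xt_TCPMSS code: a SYN that carries no MSS option is treated as advertising the RFC 879 default of 536, so a clamp above that value must not be written into it. The function names, the never-raise policy as coded here, and the option bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCPOPT_EOL 0
#define TCPOPT_NOP 1
#define TCPOPT_MSS 2
#define TCPOLEN_MSS 4
#define RFC879_DEFAULT_MSS 536  /* assumed when the peer sends no MSS option */

/* Constructed option bytes: MSS=1460, NOP, NOP, SACK-permitted */
static const uint8_t SYN_WITH_MSS[] = { 2, 4, 0x05, 0xb4, 1, 1, 4, 2 };
/* Constructed option bytes: NOP, NOP, SACK-permitted (no MSS option) */
static const uint8_t SYN_NO_MSS[] = { 1, 1, 4, 2 };

/* Walk the option area; return the advertised MSS, or 0 if there is no
 * well-formed MSS option (absent, truncated, or bad length). */
static uint16_t find_mss_option(const uint8_t *opt, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t kind = opt[i];
        if (kind == TCPOPT_EOL)
            break;
        if (kind == TCPOPT_NOP) { i++; continue; }
        if (i + 1 >= len)
            break;                              /* no room for a length byte */
        uint8_t olen = opt[i + 1];
        if (olen < 2 || i + olen > len)
            break;                              /* malformed or truncated */
        if (kind == TCPOPT_MSS && olen == TCPOLEN_MSS)
            return (uint16_t)((opt[i + 2] << 8) | opt[i + 3]);
        i += olen;
    }
    return 0;
}

/* MSS the sender must be assumed to accept. */
uint16_t effective_peer_mss(const uint8_t *opt, size_t len)
{
    uint16_t mss = find_mss_option(opt, len);
    return mss ? mss : RFC879_DEFAULT_MSS;
}

/* Value a clamping hop may write: lower the MSS, never raise it. */
uint16_t clamped_mss(const uint8_t *opt, size_t len, uint16_t clamp)
{
    uint16_t peer = effective_peer_mss(opt, len);
    return clamp < peer ? clamp : peer;
}

int main(void)
{
    printf("with option: %u\n", (unsigned)clamped_mss(SYN_WITH_MSS, sizeof SYN_WITH_MSS, 1400));
    printf("no option:   %u\n", (unsigned)clamped_mss(SYN_NO_MSS, sizeof SYN_NO_MSS, 1400));
    return 0;
}
```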