Re: clampmss only partially working on 2.6 kernelmode pppoe?

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Joris <joriske@gmail.com>
To: Jason Opperisano <opie@817west.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: clampmss only partially working on 2.6 kernelmode pppoe?
Date: Sun, 13 Feb 2005 08:25:26 +0100	[thread overview]
Message-ID: <afcf62020502122325604a89c5@mail.gmail.com> (raw)
In-Reply-To: <1108217691.4462.37.camel@hubcap.ljm.dom>

On Sat, 12 Feb 2005 09:14:51 -0500, Jason Opperisano <opie@817west.com> wrote:
> On Sat, 2005-02-12 at 09:08, Jason Opperisano wrote:

> keep in mind that "--clamp-mss-to-pmtu" relies on the fact that PMTU
> discovery works along the path of your communication--this is not always
> a valid assumption these days.

Hmmmkay, but then why does it also not work when I manually set the
mss, even to silly low settings like 500?
iptables -I FORWARD -o ppp0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS 
--set-mss 1300

Perhaps I'm looking in a totally wrong direction to find the cause?
When I reduce the mtu of the masqueraded host (on the local network)
to the mtu of the ppp connection, all problems disappear. (and no,
that's no real solution ;)

>   tcpdump -n -nn -p -i $EXTIF \
>     'icmp[icmptype] = icmp-unreach and icmp[icmpcode] = 4'

This does not match a single packet while testing the login.
I've done a tcpdump (-s0 -w), it's available at http://et.yi.org/hotmail.dump
Ethereal claims "unassembled packet" serveral times, but that may or
may not have anything to do with this problem, it doesn't seem
uncommon with ssl data.

Friendly greetings,
Joris

     prev parent reply	other threads:[~2005-02-13  7:25 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-02-12  6:41 clampmss only partially working on 2.6 kernelmode pppoe? Joris
2005-02-12 14:08 ` Jason Opperisano
2005-02-12 14:14   ` Jason Opperisano
2005-02-13  7:25     ` Joris [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=afcf62020502122325604a89c5@mail.gmail.com \
    --to=joriske@gmail.com \
    --cc=netfilter@lists.netfilter.org \
    --cc=opie@817west.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox