TCPMSS is not restricted to mangle table
Patrick McHardy
kaber at trash.net
Tue Dec 6 06:12:31 CET 2005

Aleksandar Milivojevic wrote:
> Patrick McHardy wrote:
>
>> Thanks, I didn't know this, I'm going to change this to refer to
>> the mangle table. This still leaves the option of a warning, but
>> what I really wanted to know was whether anyone cares. From a
>> consistency point of view it should be restricted, for the
>> functionality it doesn't matter.
>
>
> From consumer (of your code) point of view, I do care. The current
> documentation was clearly encouraging (by example) use of TCPMSS from
> filter table. My guess is that majority of production systems using
> TCPMSS target are using it from filter table. If the only reason is
> consistency (nothing is going to be fixed by the change, and nothing is
> going to be broken by leaving it as is), a warning now (in manual page,
> right next to the example) and change on next major kernel release (2.7)
> might be the best approach. I'd leave things as is for 2.6 series of
> kernels.

I agree. Just to make it clear, I do not intend to break it for no
good reason. I was just surprised that when trying to unload it
after flushing the mangle table there was still one reference left
(from the Debian ppp ip-up script). There is one potential reason
to change it, packet classification algorithms like nf-hipac have
an easier job if they can rely on certain conditions, like no
changing of the packet in the filter table. But for now I've only
updated the man-page.