mss to pmtu clamping partially broken?

Phil Dibowitz phil at
Mon Jul 2 20:28:50 CEST 2007

On Mon, Jul 02, 2007 at 07:04:12PM +0200, Andreas Steinmetz wrote:
> Jan Engelhardt wrote:
> > Do you really need clamping? It's a hack, since TCP should do MSS negotiation
> > itself. (Of course it may happen that some routers are broken.) But usually not
> > for incoming packets.
> You never know when you hit ICMP blackholes, broken routers and other
> evil things. Better safe than sorry so clamping is the way to go for me.

I encourage you to report PMTUD Blackholes to the MSS Initiative at

We'll notify them, and if we can't get them to fix it, blacklist them. We have
more fixed sites than blacklisted sites, so it's at least somewhat successful.

Phil Dibowitz                             phil at
Open Source software and tech docs        Insanity Palace of Metallica         

"Never write it in C if you can do it in 'awk';
 Never do it in 'awk' if 'sed' can handle it;
 Never use 'sed' when 'tr' can do the job;
 Never invoke 'tr' when 'cat' is sufficient;
 Avoid using 'cat' whenever possible" -- Taylor's Laws of Programming

More information about the netfilter-devel mailing list