mss to pmtu clamping partially broken?
phil at ipom.com
Mon Jul 2 20:28:50 CEST 2007
On Mon, Jul 02, 2007 at 07:04:12PM +0200, Andreas Steinmetz wrote:
> Jan Engelhardt wrote:
> > Do you really need clamping? It's a hack, since TCP should do MSS negotiation
> > itself. (Of course it may happen that some routers are broken.) But usually not
> > for incoming packets.
> You never know when you hit ICMP blackholes, broken routers and other
> evil things. Better safe than sorry so clamping is the way to go for me.
I encourage you to report PMTUD Blackholes to the MSS Initiative at
We'll notify them, and if we can't get them to fix it, blacklist them. We have
more fixed sites than blacklisted sites, so it's at least somewhat successful.
Phil Dibowitz phil at ipom.com
Open Source software and tech docs Insanity Palace of Metallica
"Never write it in C if you can do it in 'awk';
Never do it in 'awk' if 'sed' can handle it;
Never use 'sed' when 'tr' can do the job;
Never invoke 'tr' when 'cat' is sufficient;
Avoid using 'cat' whenever possible" -- Taylor's Laws of Programming
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/netfilter-devel/attachments/20070702/58faa144/attachment.pgp
More information about the netfilter-devel