Re: strange behaviour

NetFilter

Re: strange behaviour

To:	Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Subject:	Re: strange behaviour
From:	Cedric Blancher <blancher@cartel-securite.fr>
Date:	Tue, 27 Feb 2007 09:55:09 +0100
Cc:	netfilter@lists.netfilter.org
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	netfilter-list1@securepoint.com
In-reply-to:	<45E31C5C.8010707@plouf.fr.eu.org>
List-archive:	</pipermail/netfilter>
List-help:	<mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id:	General discussion and user questions <netfilter.lists.netfilter.org>
List-post:	<mailto:netfilter@lists.netfilter.org>
List-subscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Organization:	Cartel Securite
References:	<20070226124547.69013.qmail@web36804.mail.mud.yahoo.com> <45E2F479.7020804@plouf.fr.eu.org> <1172502565.4265.118.camel@anduril.intranet.cartel-securite.net> <45E2FE20.90701@plouf.fr.eu.org> <1172506681.4265.155.camel@anduril.intranet.cartel-securite.net> <45E31C5C.8010707@plouf.fr.eu.org>
Sender:	netfilter-bounces@lists.netfilter.org

Le lundi 26 février 2007 à 18:43 +0100, Pascal Hambourg a écrit :
> Actually "clamp" means "decrease if bigger", the MSS is clamped only 
> when it is bigger than PMTU - 40. So it won't break anything. It will 
> just have no effect.

Right, I didn't read the code far enough to notice that:

if (tcpmssinfo->mss == IPT_TCPMSS_CLAMP_PMTU && oldmss <= newmss)
        return IPT_CONTINUE;

> What about :
> iptables -t mangle -A FORWARD -o eth1 -p tcp --tcp-flags SYN,RST SYN \
>    -m tcpmss --mss 1453: -j TCPMSS --set-mss 1452

Makes sense.


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
strange behaviour, angico Re: strange behaviour, Askar Ali Re: strange behaviour, Silvio Fonseca Re: strange behaviour, Pascal Hambourg Re: strange behaviour, Cedric Blancher Re: strange behaviour, Pascal Hambourg Re: strange behaviour, Cedric Blancher Re: strange behaviour, Pascal Hambourg Re: strange behaviour, Cedric Blancher <= Re: strange behaviour, angico Re: strange behaviour, Cedric Blancher Re: strange behaviour, angico Re: strange behaviour, Martijn Lievaart

Previous by Date:	RE: FTP Problem, Rob Sterenborg
Next by Date:	IPv6 MARK support, mael\.boutin\@laposte\.net
Previous by Thread:	Re: strange behaviour, Pascal Hambourg
Next by Thread:	Re: strange behaviour, angico
Indexes:	[Date] [Thread] [Top] [All Lists]