On Jan 24 2008 12:49, Jaco Kroon wrote:
>>
>> Doesn't the patch "xt_TCPMSS: don't allow netfilter --setmss to increase mss"
>> applied to 2.6.25 about a month ago already do this?
>
> I haven't followed that. I'm running stable (2.6.23.14 atm) on most of my
> systems, my notebook is still on -rc8 for 2.6.24. I've just had a specific
> problem that had a need to be scratched, but yes, based on the description you
> gave that would do _exactly_ that.
>
> Random question: What happens with the case where we explicitly _want_ to break
> the MSS? In other words, to set it to something insane like 3000 in order to
> test other equipment.

Ideally, no TCPMSS would be needed as TCP does PMTUD itself, similarly for UDP
(though _you_ need to do it yourself there).