İbrahim Ercan <ibrahim.metu@xxxxxxxxx> wrote: > Until here there is nothing wrong. Now see what happen when I set > client mss value to 1260 by changing mtu. [..] > Internal interface > 10.0.0.215.60802 > 10.0.1.213.80: Flags [S], seq 36636545, win 197, > options [mss 536,sackOK,TS val 99747035 ecr 6054999,nop,wscale 7], > length 0 > 10.0.1.213.80 > 10.0.0.215.60802: Flags [S.], seq 3600660781, ack > 36636546, win 14480, options [mss 1460,sackOK,TS val 16773019 ecr > 99747035,nop,wscale 2], length 0 > > As you can see syn proxy respond to client with same mss value and > open connection to back end with 536. But I suppose, It should send > 1460 to client and 1260 to server. Problem is that we do not keep any state. Syncookes are restricted to 4 mss value: static __u16 const msstab[] = { 536, 1300, 1440, /* 1440, 1452: PPPoE */ 1460, }; So, 1260 forces lowest value supported. The table was based off a research paper that had mss distribution tables. Maybe more recent data is available and if things have changed we could update the table accordingly.