Today, I received this kernel log entry via e-mail:
Aug 17 14:19:17 filter0 kernel: ipt_tcpmss_target: bad length (472 bytes)
Using Google, I could not find a single useful meaning of this message.
Here's the comment from the source code which explains it:
/* Since it passed flags test in tcp match, we know it is not a fragment, and has data >= tcp header length. SYN packets should not contain data: if they did, then we risk running over MTU, sending Frag Needed and breaking things badly. --RR */
In other words, SYN packets cannot have data, so the total length of the packet must be the same as the TCP header length; otherwise it is a bad length.
-- Philip Craig - philipc@xxxxxxxxxxxx - http://www.SnapGear.com SnapGear - Custom Embedded Solutions and Security Appliances
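
The length check described in the message above, as an added user-space illustration in C (not part of the original post and not the kernel's own code). The function names, result codes and sample packets are constructed for this example, and it assumes the packet was already matched as a non-fragmented TCP SYN.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { LEN_OK = 0, LEN_BAD = 1, LEN_MALFORMED = -1 };  /* illustrative names */

/* Assumes the caller already matched a non-fragmented TCP SYN, as the quoted
 * comment does. Everything after the IP header must be exactly the TCP header
 * (data offset * 4 bytes); any extra bytes are payload, i.e. "bad length". */
int check_syn_length(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return LEN_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;          /* IP header length */
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6)      /* protocol 6 = TCP */
        return LEN_MALFORMED;
    size_t doff = (size_t)(pkt[ihl + 12] >> 4) * 4;    /* TCP header length */
    if (doff < 20)
        return LEN_MALFORMED;
    return (len - ihl == doff) ? LEN_OK : LEN_BAD;
}

/* Build a constructed SYN of total_len bytes with opt_len bytes of TCP
 * options (multiple of 4, at most 40), then run the check on it. */
int check_constructed(size_t total_len, size_t opt_len)
{
    static uint8_t buf[1500];
    if (total_len < 40 || total_len > sizeof buf || opt_len > 40 || opt_len % 4)
        return LEN_MALFORMED;
    memset(buf, 0, sizeof buf);
    buf[0] = 0x45;                                     /* IPv4, IHL = 5 words */
    buf[2] = (uint8_t)(total_len >> 8);
    buf[3] = (uint8_t)(total_len & 0xff);
    buf[9] = 6;
    buf[20 + 12] = (uint8_t)(((20 + opt_len) / 4) << 4);
    buf[20 + 13] = 0x02;                               /* SYN flag only */
    return check_syn_length(buf, total_len);
}

int main(void)
{
    size_t sizes[] = { 40, 60, 472 };                  /* constructed samples */
    for (size_t i = 0; i < 3; i++) {
        size_t opts = sizes[i] == 40 ? 0 : 20;
        if (check_constructed(sizes[i], opts) == LEN_BAD)
            printf("bad length (%zu bytes)\n", sizes[i]);
    }
    return 0;
}
```

A SYN carrying only TCP options (the 60-byte sample) passes, because options are counted in the TCP data offset; only bytes beyond the TCP header trip the check.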