[FS#3231] firewall3: mtu_fix should apply mss clamping for both outgoing and incoming syn packets
OpenWrt Bugs
openwrt-bugs at lists.openwrt.org
Fri Jul 24 11:39:22 EDT 2020
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#3231 - firewall3: mtu_fix should apply mss clamping for both outgoing and incoming syn packets
User who did this - Baptiste Jonglez (bjonglez)
----------
Good bug hunting.
For the record, it's not that obvious that the fix works: it depends on the behaviour of ''--clamp-mss-to-pmtu''. If it only looks at the PMTU towards the destination IP of the packets, it won't work for incoming packets.
It turns out that ''--clamp-mss-to-pmtu'' looks at both source **and** destination IP and that's why it works:
--clamp-mss-to-pmtu
Automatically clamp MSS value to (path_MTU - 40 for IPv4; -60 for IPv6). This may not
function as desired where asymmetric routes with differing path MTU exist — the kernel
uses the path MTU which it would use to send packets from itself to the source and
destination IP addresses. Prior to Linux 2.6.25, only the path MTU to the destination
IP address was considered by this option; subsequent kernels also consider the path MTU
to the source IP address.
----------
More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3231#comment8590
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
More information about the openwrt-bugs
mailing list