[FS#3231] firewall3: mtu_fix should apply mss clamping for both outgoing and incoming syn packets

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Fri Jul 24 11:39:22 EDT 2020


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

The following task has a new comment added:

FS#3231 - firewall3: mtu_fix should apply mss clamping for both outgoing and incoming syn packets
User who did this - Baptiste Jonglez (bjonglez)

----------
Good bug hunting.

For the record, it's not that obvious that the fix works: it depends on the behaviour of ''--clamp-mss-to-pmtu''.  If it only looks at the PMTU towards the destination IP of the packets, it won't work for incoming packets.

It turns out that ''--clamp-mss-to-pmtu'' looks at both source **and** destination IP and that's why it works:


--clamp-mss-to-pmtu
       Automatically clamp MSS value to (path_MTU - 40 for IPv4; -60 for IPv6).  This may not
       function as desired where asymmetric routes with differing path MTU exist — the kernel
       uses the path MTU which it would use to send packets from itself to the source and
       destination  IP  addresses.  Prior to Linux 2.6.25, only the path MTU to the destination
       IP address was considered by this option; subsequent kernels also consider the path MTU
       to the source IP address.

----------

More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3231#comment8590

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.



More information about the openwrt-bugs mailing list