undefined | Better HN

0 pointsisodude6y ago0 comments

I read in a note just below --set-mss in man iptables-extensions that iptables will not increase mss if it's already lower than what set in --set-mss.

0 comments

LinuxBender6y ago

Good catch, I totally missed that.

isodudeOP6y ago

I did miss it at first also, but wondered why it didn't increase the value.

LinuxBender6y ago

I'd have to dig into the source code of that module. It makes sense to not raise it artificially higher than the requesting host. I just didn't expect them to have that logic. IPTables usually blindly does whatever bad idea I give it. :-)

cesarb6y ago

Increasing the value would cause problems. If the remote end says its MSS is 512 octets, either it doesn't have enough memory to receive larger packets, or its link MTU is small enough that larger packets will always get dropped.

j / k navigate · click thread line to collapse

0 pointsisodude6y ago0 comments

I read in a note just below --set-mss in man iptables-extensions that iptables will not increase mss if it's already lower than what set in --set-mss.

0 comments

LinuxBender6y ago

Good catch, I totally missed that.

isodudeOP6y ago

I did miss it at first also, but wondered why it didn't increase the value.

LinuxBender6y ago

cesarb6y ago

j / k navigate · click thread line to collapse