Subject: Re: changing the MTU and TCP MSS
To: Hal Snyder <hal@vailsys.com>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 02/20/2002 15:12:22

In message <87u1sgr66j.fsf@gamera.vail>, Hal Snyder writes:
>Steve Bellovin <smb@research.att.com> writes:
>
>> Is there any easy way to change the MTU and the TCP MSS? I'm
>> (temporarily) stuck behind a broken gateway that is dropping "large"
>> packets, so I want to crank down the TCP MSS. I can change the
>> interface mtu via ifconfig, but that doesn't seem to change TCP's
>> idea of how large a segment it wants.
>
>Just a "me too" - we're seeing MTU blackholing due to a gif tunnel
>(MTU 1280) carrying iBGP, and the usual external factors.
>
>(from memory - this was a couple weeks ago)
>
>The obvious convenient workaround seemed to be to set the MTU on 
>Ethernet perimeter interfaces to that of the tunnel, but as noted, the
>MSS hint sent during TCP setup by our NetBSD-1.5 zebra routers did not
>decrease after the change. It did not help to delete cloned routes or
>to try to set a per-route MTU.
>
Right.  I groveled through the code, and found that the route MTU only 
affects outbound packets, not the advertised MSS.  I suspect that 
that's wrong behavior.  Changing the interface MTU (and setting mss_ifmtu
via sysctl) will change the MSS advertisement, but that has bad side 
effects when talking to other machines on the LAN that don't know about 
the new change.

I think that the right thing to do is to have a new sysctl flag
mss_rmx_mtu that will clamp the MSS to the maximum of anything else 
currently used and the route's MTU.  I'll develop a patch and send-pr 
it.  (I note, though, that rmx_mtu seems to have some bearing on Path 
MTU discovery.  I'm not sure yet how things interact.)


		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com