Subject: Re: PMTUD blackhole detection
To: None <tech-net@netbsd.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-net
Date: 05/07/2001 09:48:21


>>>>> "itojun" == itojun  <itojun@iijlab.net> writes:
    itojun> we may be able to go through tcb table and mark all the tcp
    itojun> connections between the same address pair as "PMTUD broken".

  Okay.

    itojun> however, i don't really like this since PMTUD breakage detection
    itojun> is way too unreliable.  if we have a reliable way to detect PMTUD
    itojun> breakage, "mark all connection" approach looks fine for me.

  If it has false positives (there is a blackhole), then we waste bandwidth.
  If it has false negatives, then we have dead connections.

  I know which one that I prefer :-)

  If the rate of false positives is very high, then some may argue that this
is equivalent to turning off PMTU, but I'd rather have it on. 

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [





