Subject: Re: Patch for limiting TCP MSS (i.e. for new PPPoE)
To: Rick Byers <>
From: Steven M. Bellovin <>
List: tech-net
Date: 12/02/2001 18:12:01
In message <Pine.NEB.4.33.0112021419560.1820-100000@Apenheul.BigScaryChildren.net>, Rick Byers writes:
>In order to work around buggy networks suffering from the PMTU blackhole
>problem (see RFC 2923), I've written up a quick patch which adds a sysctl
>to limit the advertised TCP MSS (I think this is preferable to lowering
>the interface MTU).  Ideally, this could be configured per interface or
>per route, or even auto-detected on a host-by-host basis - but all of
>those options require much more work.

But the problem is that a per-connection fix requires changing every 
application.  I don't think that that scales.

		--Steve Bellovin,
		Full text of "Firewalls" book now at