Subject: Re: Patch for limiting TCP MSS (i.e. for new PPPoE)
To: None <>
From: David Laight <>
List: tech-net
Date: 12/04/2001 15:41:56
Is it possible - of course it is :-) everything is possible... - to
dynamically determine the TCP MSS for a given connection?

Something along the lines of:
Detect the largest segment you've had an ack for, if you have to retransmit
a large segment (more than once?) try reducing its size to (say) half way
between the largest segment size which has worked, and the current size.
Creep the MSS up until things fail again.
(a bit like the 'slow start' stuff for window sizes)

Don't think you can detect IP fragmentation being done by a router though!

I had to do something similar for LLC2, where many ethernet cards (particularly
8-bit ISA ones) do not have enough buffer space for the 15 packet rx window
advertised by their protocol stack.  Required an interesting ACK strategy as


----- Original Message ----- 
From: Rick Byers <>
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
Cc: <>; <>
Sent: Tuesday, December 04, 2001 2:55 PM
Subject: Re: Patch for limiting TCP MSS (i.e. for new PPPoE)

> > > Broken networks will always require ugly hacks to work around their
> > > problems.
> >
> > No; better to break them as widely as possible to get them fixed.
> > Working around their problems only removes their incentive to fix them.
>
> I wholeheartedly agree - in theory.  But unfortunately it's too late for
> anyone here to break these networks widely enough for them to care.
> Maybe someone like Microsoft could do it (apparently MS chose not to
> include MSS clamping in their XP PPPoE software), but even that would be
> hard - people are already lowering their MTUs or abandoning MS RASPPPoE in
> favour of one with MSS clamping.  But NetBSD is too insignificant from the
> web site operator's point of view.  As far as Bank of Montreal was
> concerned, I was just an individual with an isolated problem due to an
> obscure setup.  They essentially told me that they weren't going to change
> their network, no matter how broken it was, because the risk of any
> configuration change at all outweighs one unhappy customer.
>
> I respect the idealism of such a position, but it's hard to stick with it
> when it means losing access to 5% of web sites, including my bank's
> on-line banking.  If NetBSD sticks with no MSS clamping option, it will
> hurt the users much more than help solve the problem.
>
> Instead, someone should start some kind of awareness/advocacy group which
> can act as a combined voice to get these sorts of problems fixed.  It
> would be really cool if NetBSD could auto-detect blackholed sites and add
> the IPs to a local list of broken hosts, which would get submitted to an
> advocacy site for automatic testing, public listing, and notification
> e-mails.  I think such a complex system could help significantly, but
> it'll never eliminate the need for a work around.  Look at the
> history of open-relays.  Some sites STILL refuse to close their mail
> relays, even though millions of people now block all e-mail from them.
>
> While we wait for incompetent network admins to get a clue, either WE
> suffer, or we swallow our pride and implement (temporary) work-arounds.
>
> Rick
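
The probing scheme sketched at the top of this message (remember the largest ACKed segment, drop halfway back to it after repeated retransmits, then creep up again), as an added example that is not part of the original post and is not NetBSD code. The struct, the function names, the two constants, the `bad` upper bound and the simulated black-hole path are all assumptions made for illustration.

```c
#include <stdio.h>

#define REXMIT_LIMIT 2   /* timeouts at one size before shrinking (assumed) */
#define CREEP_STEP   64  /* bytes added after each ACKed size (assumed) */

/* Hypothetical per-connection probe state; not NetBSD's tcpcb. */
struct mss_probe {
    int good;     /* largest segment size that has been ACKed */
    int bad;      /* smallest size that timed out repeatedly */
    int cur;      /* size used for the next segment */
    int rexmits;  /* consecutive timeouts at cur */
};

static void probe_init(struct mss_probe *p, int peer_mss) {
    p->good = 0; p->bad = peer_mss + 1; p->cur = peer_mss; p->rexmits = 0;
}

/* A segment of p->cur bytes was ACKed: record it and creep upward. */
static void probe_acked(struct mss_probe *p) {
    if (p->cur > p->good) p->good = p->cur;
    p->rexmits = 0;
    p->cur += CREEP_STEP;
    if (p->cur >= p->bad) p->cur = p->bad - 1;  /* stay below known-bad */
}

/* A segment of p->cur bytes timed out. */
static void probe_timeout(struct mss_probe *p) {
    if (++p->rexmits < REXMIT_LIMIT) return;    /* may be ordinary loss */
    if (p->cur < p->bad) p->bad = p->cur;
    p->cur = p->good + (p->cur - p->good) / 2;  /* halfway back to good */
    p->rexmits = 0;
}

/* Constructed path: segments larger than path_limit vanish silently. */
static int simulate(int peer_mss, int path_limit, int rounds) {
    struct mss_probe p;
    probe_init(&p, peer_mss);
    while (rounds-- > 0) {
        if (p.cur <= path_limit) probe_acked(&p);
        else probe_timeout(&p);
    }
    return p.good;
}

int main(void) {
    /* Peer offers 1460; 1452 is what fits a 1492-byte PPPoE MTU. */
    printf("settled MSS: %d\n", simulate(1460, 1452, 100));
    return 0;
}
```

Timeouts caused by congestion rather than segment size will also lower `bad`, so a real stack would have to age that bound out and re-probe. RFC 4821 (Packetization Layer Path MTU Discovery) later standardised probing of this kind.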