> 2) Our NAT code appears to corrupt locally-generated needs-frag ICMP
>    messages, so a NetBSD router separating, say, an MTU-1400 PPPOE link
>    and an MTU-1500 Ethernet will create a Path MTU blackhole.

Maybe, but the typical PPPoE router will have a 1492 byte MTU, and the need
to fragment packet will not be send from the router but from it's pppoe peer.

There is nothing we can fix in this situation, so no way around MSS clamping.

Besides, I've never seen the bug you describe, PMTUD works just fine for
all machines behind my PPPoE router (to most outside machines).


Martin