Subject: Re: can't raise in kernel pppoe0 with mtu > 1460
To: None <tech-net@netbsd.org>
From: Miles Nordin <carton@Ivy.NET>
List: tech-net
Date: 03/22/2005 16:09:42

>>>>> "cb" == Carl Brewer <carl@bl.echidna.id.au> writes:

    cb> Is there some reason why you're blocking the ICMP type 3 code
    cb> 4 packets?

If the problem is downloading a web page, it would be your ISP's
ADSLAM that sends an ICMP unreachable to the web server.  The ICMP
would never touch your end of the link.  The mssclamp hack is to deal
with webmasters behind firewalls that block all ICMP.  

Blocking all ICMP on your web browser end is wrong, and NAT and 'keep
state' should pass ICMP related to a TCP flow without any extra rules,
if the firewall is bug-free.  However, although I grant you it'd be a
mistake to block those packets, I don't think that mistake could cause
the problem mssclamp fixes.

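Added example, not part of the original message and not NetBSD's code: what an MSS clamp of the kind mentioned above does to a TCP SYN crossing the PPPoE link, so the far end never sends segments that depend on ICMP type 3 code 4 getting through a firewall that drops it. The 1492-byte MTU, the sample header and the function names are assumptions made for illustration.

```python
import struct

IPV4_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options
PPPOE_MTU = 1492         # assumption: 1500-byte Ethernet minus 8 bytes of PPPoE/PPP

# Constructed TCP SYN header (no IP header): ports 49152 -> 80, data offset 7,
# options MSS=1460, NOP, NOP, SACK-permitted. The checksum 0x1c2a is a
# constructed value; a real one also covers the IP pseudo-header.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 0x70, 0x02, 0xFFFF,
                         0x1C2A, 0) + bytes.fromhex("020405b401010402")

def _csum_update(csum, old, new):
    """RFC 1624 incremental update: HC' = ~(~HC + ~m + m')."""
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def _swap(v):
    return ((v & 0xFF) << 8) | (v >> 8)

def clamp_mss(tcp, link_mtu=PPPOE_MTU):
    """Return (header, old_mss, new_mss); MSS values are None if no MSS applies."""
    limit = link_mtu - IPV4_TCP_OVERHEAD
    hdr_len = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if not 20 <= hdr_len <= len(tcp):
        raise ValueError("bad TCP header length")
    if not tcp[13] & 0x02:                    # MSS is only sent on SYN / SYN-ACK
        return tcp, None, None
    i = 20
    while i < hdr_len and tcp[i] != 0:        # kind 0 = end of option list
        if tcp[i] == 1:                       # kind 1 = NOP, a single byte
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            raise ValueError("malformed TCP option")
        if tcp[i] == 2 and tcp[i + 1] == 4:   # kind 2 = MSS, 16-bit value
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= limit:
                return tcp, old, old          # already fits, leave untouched
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            # An MSS value at an odd offset straddles two checksum words.
            o, n = (_swap(old), _swap(limit)) if i & 1 else (old, limit)
            csum = struct.unpack_from("!H", tcp, 16)[0]
            struct.pack_into("!H", out, 16, _csum_update(csum, o, n))
            return bytes(out), old, limit
        i += tcp[i + 1]
    return tcp, None, None
```

Only the MSS value and the checksum change; the segment keeps its length and its other options, which is why the clamp works without any ICMP reaching either host.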