> Of course, you mean "pseudo-device ipfilter"?

Sure, and "options PFIL_HOOKS".
> 
> I see. But in my case, I have to add "mssclamp 1412" (or something smaller
> than 1452. 1412 is the value rp-pppoe's manpage recommends.)

For PPPoE 1452 should be OK (and that what works for me).

I wondered about the rp-pppoe recomendation, and either I understand something
wrong or it is a miscalculation. They probably subtracted the space for IPv4
options too, but the MSS does not include that (i.e. the peer of the TCP
connection needs to subtract options size, if it is sending options).

On the other hand, maybe some broken sites are even more broken and get this
wrong as well.

If I'm wrong here, someone please clue me in.

Martin