On Sun, 2 Dec 2001, Steven M. Bellovin wrote:

> >In order to work around buggy networks suffering from the PMTU blackhole
> >problem (see RFC 2923), I've written up a quick patch which adds a sysctl
> >to limit the advertised TCP MSS (I this this is preferable to lowering
> >the interface MTU).  Ideally, this could be configured per interface or
> >per route, or even auto-detected on a host-by-host basis - but all of
> >those options require much more work.
>
> But the problem is that a per-connection fix requires changing every
> application.  I don't think that that scales.

I said per host, not per connection - it certainly shouldn't have anything
to do with the application level.  As for per host, I was thinking of just
keeping a table similar to the pmtu discovery table, which indicates that
a host is suspected of being blackholed and that an artificially low MSS
should be used for it.  Of course, making that determination could only be
an ugly hack and probably error prone.  This is probably even uglier than
the TCP MSS clamping that most PPPoE software does, and so not really
worth pursuing.

Rick