
Re: interception proxies

2000-04-11 21:30:02
On Tue, 11 Apr 2000, Theodore Y. Ts'o wrote:

> And the latest kludge which has been called to my attention is ISPs
> that tamper with the MSS values in TCP SYN packets in flight.  This is
> done to work around smaller MTUs caused by PPP over Ethernet (and other
> tunnelling mechanisms) interacting badly with Path MTU discovery
> failures, which in turn are caused by firewalls that filter out the
> wrong sorts of ICMP packets.
>
> Hmmm, yet another thing which IPSEC will break.....

Any specific ISPs that one could care to name?  Coming from an ISP, what
I've seen in general is that most routers have just enough cycles in the
forwarding path to keep up with the offered traffic, much less sit around
watching for SYNs in flight so as to mutate the MSS values.  In fact, I'd
think this would be more of an end system issue rather than a "core" or a
"backbone" issue, where the end system is the box prior to the ISP handoff
and not quite under the ISP's control and not the end system as in the
end2end tcp/ip sense of the word.


/vijay
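What the quoted "MSS tampering" amounts to, as an added illustration that is not part of this thread: a Python sketch that walks the TCP options of a constructed SYN, clamps the MSS to what a PPPoE link (MTU 1492) can carry, and recomputes the TCP checksum. Addresses, ports and MSS values are constructed; the byte rewrite at the end is also exactly what an end-to-end integrity check such as IPsec AH would reject.

```python
import struct

PPPOE_MTU = 1492                 # Ethernet 1500 minus the 8-byte PPPoE/PPP overhead
EOL, NOP, MSS_KIND = 0, 1, 2     # TCP option kinds

def tcp_checksum(src_ip, dst_ip, segment):
    """Ones-complement checksum over the IPv4 pseudo-header plus the TCP segment."""
    data = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment)) + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_syn(src_ip, dst_ip, sport, dport, mss):
    """Constructed SYN with a single MSS option (24-byte header, data offset 6)."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 6 << 4, 0x02, 65535, 0, 0)
    seg = hdr + struct.pack("!BBH", MSS_KIND, 4, mss)
    return seg[:16] + struct.pack("!H", tcp_checksum(src_ip, dst_ip, seg)) + seg[18:]

def clamp_mss(src_ip, dst_ip, segment, mtu=PPPOE_MTU):
    """Rewrite a SYN's MSS option so segments fit `mtu`; returns (segment, old, new).
    Non-SYNs and SYNs without an MSS option come back unchanged as (seg, None, None)."""
    if not segment[13] & 0x02:                 # SYN flag clear: leave it alone
        return segment, None, None
    limit = mtu - 40                           # 20-byte IPv4 + 20-byte TCP header
    data_off = (segment[12] >> 4) * 4
    buf, i = bytearray(segment), 20
    while i < data_off:
        kind = buf[i]
        if kind == EOL:
            break
        if kind == NOP:
            i += 1
            continue
        length = buf[i + 1]
        if length < 2:                         # malformed option: stop parsing
            break
        if kind == MSS_KIND and length == 4:
            old = struct.unpack("!H", buf[i + 2:i + 4])[0]
            new = min(old, limit)
            buf[i + 2:i + 4] = struct.pack("!H", new)
            buf[16:18] = b"\x00\x00"           # the edit invalidates the checksum
            buf[16:18] = struct.pack("!H", tcp_checksum(src_ip, dst_ip, bytes(buf)))
            return bytes(buf), old, new
        i += length
    return segment, None, None
```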