From: Jason Fesler
To: Mike Tancsa
Cc: freebsd-net@freebsd.org
Date: Sun, 6 Feb 2011 08:47:46 -0800 (PST)
Subject: Re: MSS rewrite / MSS clamping?
In-Reply-To: <4D4E799A.50902@sentex.net>

Thanks everyone. I'll summarize the questions I saw, in one message here:

Boris Kochergin wrote:
> pf.conf(5) mentions a "max-mss" option for traffic normalization.

Bingo. That indeed solved what I was after, and had been overlooking.
For the mailing list archives, my /etc/pf.conf :

| scrub in on em0 inet6 proto tcp to XXX port 80 max-mss 1220
| scrub out on em0 inet6 proto tcp from XXX to any port 80 max-mss 1220
| pass all

Mike Tancsa says:
> I am curious as to where you would be running into MTU issues on IPv6
> where you would need to manually compensate ? Broken tunnel providers ?

First the why: I do see broken PMTU cases on a site (test-ipv6.com).
My hope is, as I have resources contributed, to find a way to effectively
test different MTUs without having multiple NICs and without tricks like
adding a router in the middle with multiple vlans.

As to causes: It can be people who never learned from IPv4 that filtering
*all* ICMP is bad, are in charge of the ICMPv6 filters. It can be the 6in4
tunnel, hits a smaller MTU - but the ICMPv4 message to the tunnel origin
does not really help the IPv6 origin. There is the standard, then there
is reality; I see a *ton* of people with broken PMTUD on IPv6. :-(

Bjoern A. Zeeb says:
> MSS clamping is a bad workaround for broken PMTU, and the real answer
> really is, get the paths fixed!

Agreed. But, like IPv4, fixing PMTU is death by a thousand paper cuts,
especially when you're the content provider side.

Via private email:
> I do this from my dhcpd, it may be feasible in your environment.
> option max-mtu IIRC

In some environments, that may indeed be feasible. In my case, every
server I touch has a static address, except during OS install.
I also need different IPs to at least emulate different MTUs; and one wants to use the same MTU across a given broadcast domain.
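
What a `max-mss 1220` clamp does to a TCP SYN, as an added example that is not part of the original message and is not pf's own code: 1220 is the 1280-byte IPv6 minimum MTU less 40 bytes of IPv6 header and 20 bytes of TCP header. The sketch lowers the MSS option and patches the TCP checksum incrementally; the function names and the sample SYN are constructed for illustration.

```python
import struct

MAX_MSS = 1280 - 40 - 20  # IPv6 minimum MTU - IPv6 header - TCP header = 1220

def inet_csum(data):
    """Internet checksum (RFC 1071): complement of the ones-complement sum."""
    data = bytes(data) + b"\x00" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def csum_update(csum, old16, new16):
    """Incremental update, RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m')."""
    return inet_csum(struct.pack("!HHH", ~csum & 0xFFFF, ~old16 & 0xFFFF, new16))

def build_syn(opts, pseudo=b""):
    """Constructed sample SYN; ports, sequence number and window are arbitrary."""
    off = (20 + len(opts)) // 4 << 4
    seg = bytearray(struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, off, 2, 65535, 0, 0) + opts)
    struct.pack_into("!H", seg, 16, inet_csum(pseudo + bytes(seg)))
    return bytes(seg)

def clamp_mss(tcp, max_mss=MAX_MSS):
    """Return (segment, mss_seen); lower a SYN's MSS option if above max_mss."""
    seg = bytearray(tcp)
    hdr_len = (seg[12] >> 4) * 4 if len(seg) >= 20 else 0
    if hdr_len < 20 or hdr_len > len(seg) or not seg[13] & 0x02:
        return bytes(seg), None            # truncated, bad offset, or not a SYN
    i = 20
    while i < hdr_len and seg[i] != 0:     # kind 0 ends the option list
        # kind 1 (NOP) is a single byte; every other option carries a length byte
        olen = 1 if seg[i] == 1 else (seg[i + 1] if i + 1 < hdr_len else 0)
        if (seg[i] != 1 and olen < 2) or i + olen > hdr_len:
            break                          # malformed option: leave untouched
        if seg[i] == 2 and olen == 4:      # kind 2 is the MSS option
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old > max_mss:
                words = range((i + 2) & ~1, (i + 5) & ~1, 2)  # value may be odd-aligned
                before = [struct.unpack_from("!H", seg, k)[0] for k in words]
                struct.pack_into("!H", seg, i + 2, max_mss)
                csum = struct.unpack_from("!H", seg, 16)[0]
                for k, o in zip(words, before):
                    csum = csum_update(csum, o, struct.unpack_from("!H", seg, k)[0])
                struct.pack_into("!H", seg, 16, csum)
            return bytes(seg), old
        i += olen
    return bytes(seg), None
```

Only the SYN and SYN/ACK carry the MSS option, so a clamp of this kind has nothing to rewrite in the rest of the connection.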