Hi Rusty,
> In message <200009071814.e87IEfA06978@xxxxxxxxxxxxx> you write:
> > Rusty, what would you think of adding the missing hooks to the 'mangle'
> > table; extending its purpose to general packet alteration, not just
> > changing stuff that influences routing?
>
> Yes; this would be a win. Since it's generally a network hacker's toy,
> we should make it less restrictive. But the code freeze means it will
> remain a separate patch until 2.4.1 at least.
IMHO such a straightforward/low-risk change should go in right away.
Why not look at it as a "design bug-fix" rather than a feature addition?
:-)
> Now: what priority should it be? Does it matter?
You mean hook priority? I don't think it really matters in this case.
> > I am also considering implementing a --clamp-mss-to-mtu option to the
>
> This would be excellent; even better to use the path mtu, so if
> someone else has a lower MTU (causing the first TCP connection to
> stall), the second one might succeed.
Ok, support for --clamp-mss-to-pmtu option has been implemented and
checked-in; please review code changes.
Recommended usage is now:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
[but wouldn't it be neater with "-t mangle" ? :-)]
Cheers,
Marc
> Rusty.
> --
> Hacking time.
>
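
What a rule like the TCPMSS one above does to a forwarded SYN, as an added example that is not part of the original message and not netfilter's own code: walk the TCP options, lower the MSS option to the path MTU minus 40 bytes, and patch the checksum incrementally. It assumes IPv4 with no IP options; the function names and the sample header are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 1624 eqn. 3: update a checksum when one 16-bit word changes old -> new_. */
static uint16_t csum_replace16(uint16_t csum, uint16_t old, uint16_t new_)
{
    uint32_t sum = (uint32_t)(uint16_t)~csum + (uint16_t)~old + new_;
    sum = (sum & 0xffff) + (sum >> 16);
    sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static uint16_t swab16(uint16_t v) { return (uint16_t)((v << 8) | (v >> 8)); }

/* Clamp the MSS option of a TCP SYN to pmtu - 40 (assumed: 20-byte IPv4 header
 * plus 20-byte TCP header). Returns the MSS left in the header, 0 if there is
 * no MSS option, -1 if the segment is not a SYN without RST or is malformed. */
int clamp_mss_to_pmtu(uint8_t *tcp, size_t len, uint16_t pmtu)
{
    if (len < 20 || pmtu <= 40) return -1;
    size_t hdrlen = (size_t)(tcp[12] >> 4) * 4;
    if (hdrlen < 20 || hdrlen > len) return -1;
    if ((tcp[13] & 0x06) != 0x02) return -1;       /* --tcp-flags SYN,RST SYN */
    uint16_t limit = (uint16_t)(pmtu - 40);
    for (size_t i = 20; i < hdrlen; ) {
        uint8_t kind = tcp[i];
        if (kind == 0) break;                      /* end of option list */
        if (kind == 1) { i++; continue; }          /* NOP padding */
        if (i + 1 >= hdrlen || tcp[i + 1] < 2 || i + tcp[i + 1] > hdrlen) return -1;
        if (kind == 2 && tcp[i + 1] == 4) {        /* MSS option */
            uint16_t old = (uint16_t)((tcp[i + 2] << 8) | tcp[i + 3]);
            if (old <= limit) return old;          /* only ever lower the MSS */
            uint16_t csum = (uint16_t)((tcp[16] << 8) | tcp[17]);
            /* At an odd offset the value straddles two checksum words. */
            csum = (i & 1) ? csum_replace16(csum, swab16(old), swab16(limit))
                           : csum_replace16(csum, old, limit);
            tcp[i + 2] = (uint8_t)(limit >> 8);  tcp[i + 3] = (uint8_t)(limit & 0xff);
            tcp[16] = (uint8_t)(csum >> 8);      tcp[17] = (uint8_t)(csum & 0xff);
            return limit;
        }
        i += tcp[i + 1];
    }
    return 0;
}

/* Constructed SYN header: MSS 1460; checksum valid for the header alone. */
uint8_t sample_syn[24] = { 0x04,0xd2, 0x00,0x50, 0,0,0,1, 0,0,0,0, 0x60,0x02,
                           0xff,0xff, 0x93,0x22, 0,0, 0x02,0x04,0x05,0xb4 };

int main(void) { return clamp_mss_to_pmtu(sample_syn, sizeof sample_syn, 1400) == 1360 ? 0 : 1; }
```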