The PPPoE headers take away 8 bytes of space from the 1500 bytes of Ethernet packets; therefore the advertised tcpmss should be reduced accordingly from 1460 to 1452 bytes.
With nftables the documented way to clamp the tcp maximum segment size is with the following command:
nft add rule ip filter forward tcp flags syn tcp option maxseg size set 1452
or alternatively:
nft add rule ip filter forward tcp flags syn tcp option maxseg size set rt mtu
Unfortunately these rules don't work as intended on big-endian architectures because of a byte-swapping bug in the kernel that mangles the mss to 0, disrupting the tcp connections.
This kernel bug has been fixed since Linux v5.7, but apparently the [[https://github.com/torvalds/linux/commit/2e34328b396a69b73661ba38d47d92b7cf21c2c4|fix 2e34328b396a]] was never backported to v5.4.
I've personally patched and tested the fix on my device and verified that it works, and I'm now carrying the patch in my personal git repo.
Given that nftables is not a first-class citizen of OpenWRT yet, I assigned this bug report a low priority; nonetheless, it would be nice if it's fixed.
fseek:
The problem manifested itself on a TP-Link Archer C7:
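One way to check from a packet capture whether the clamp behaves as the report describes, as an added example that is not part of the original report or of the kernel fix: it parses the TCP options of a SYN segment and flags an MSS of 0 (the reported symptom) or a value above 1452. The function names and the segments built by `make_syn` are constructed for illustration.

```python
import struct

PPPOE_MSS = 1460 - 8  # 1452: Ethernet MSS minus the 8-byte PPPoE header


def syn_mss(tcp: bytes):
    """Return the MSS option of a TCP SYN segment, or None if not a SYN / no MSS."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    data_off = (tcp[12] >> 4) * 4          # header length in bytes
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad data offset")
    if not tcp[13] & 0x02:                 # SYN flag not set
        return None
    opts, i = tcp[20:data_off], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind == 2 and length == 4:      # Maximum Segment Size, network byte order
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None


def check_clamp(tcp: bytes, limit: int = PPPOE_MSS) -> str:
    """Classify a forwarded SYN: 'ok', 'unclamped', 'mangled' (MSS 0) or 'no-mss'."""
    mss = syn_mss(tcp)
    if mss is None:
        return "no-mss"
    if mss == 0:
        return "mangled"
    return "ok" if mss <= limit else "unclamped"


def make_syn(mss: int, flags: int = 0x02) -> bytes:
    """Constructed sample segment: 20-byte header plus one MSS option (24 bytes)."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 6 << 4, flags, 64240, 0, 0)
    return hdr + struct.pack("!BBH", 2, 4, mss)


if __name__ == "__main__":
    for value in (1460, 1452, 0):
        print(value, check_clamp(make_syn(value)))
```

Feed it the TCP header bytes of SYN packets captured on the WAN side of the router; a result of `mangled` matches the symptom in the report.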