Pawel Foremski writes:
> For example because MPPE is optional and some sessions may be encrypted and
> some not. As I mentioned, we cannot influence the ISP in topic.
>
> More generally, I wanted to present an example of a layer-2 encapsulation
> that Linux does not know or (as in this case) can't modify the data in it,
> thus it cannot fix the TCP MSS value.

Given the same problem (securely bridging PPPoE over WiFi) I would have gone with an approach that peeked inside to see if there was MPPE and in that case done nothing, and if there was no MPPE adjusted the MSS of any TCP traffic and wrapped it in another layer of IPsec+GRE. The latter eats up another 40-60 bytes of MTU/MSS but on the positive side has known security properties and has no reordering issues.

However, given that the code would be rather ugly (lots of layering violations) I wouldn't have a high expectation of that code being accepted into a major Linux tree unless bridged PPPoE over WiFi was something that lots of users were clamouring for.

Hopefully PPPoE will die out and make the issue moot.
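
The peek-and-clamp step described in this reply, as an added userspace C sketch; it is not code from the thread or from any Linux tree. The function names, the 1412-byte limit used with it and the sample frames are constructed for illustration; it covers IPv4 only and treats every PPP protocol 0x00FD frame (the type MPPE uses) as opaque.

```c
#include <stddef.h>
#include <stdint.h>
enum { MSS_UNTOUCHED, MSS_CLAMPED, MSS_ENCRYPTED };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint16_t sw16(uint16_t v) { return (uint16_t)(v << 8 | v >> 8); }
/* RFC 1624 incremental checksum update: HC' = ~(~HC + ~m + m'). */
static void csum_fix(uint8_t *c, uint16_t old, uint16_t new_mss)
{
    uint32_t s = (uint32_t)(uint16_t)~rd16(c) + (uint16_t)~old + new_mss;
    s = (s & 0xffff) + (s >> 16);
    s = ~((s & 0xffff) + (s >> 16)) & 0xffff;
    c[0] = (uint8_t)(s >> 8); c[1] = (uint8_t)s;
}
/* f points at the PPPoE session header (after Ethernet, ethertype 0x8864). */
int pppoe_clamp_mss(uint8_t *f, size_t len, uint16_t max_mss)
{
    if (len < 8 || f[0] != 0x11 || f[1] != 0x00) return MSS_UNTOUCHED;
    if (rd16(f + 6) == 0x00fd) return MSS_ENCRYPTED; /* MPPE: payload is opaque */
    if (rd16(f + 6) != 0x0021) return MSS_UNTOUCHED; /* PPP protocol is not IPv4 */
    uint8_t *ip = f + 8;
    size_t n = len - 8, ihl = n ? (size_t)(ip[0] & 0x0f) * 4 : 0;
    if (n < 20 || (ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6 /* TCP */ ||
        (rd16(ip + 6) & 0x3fff) /* fragment */ || n < ihl + 20) return MSS_UNTOUCHED;
    uint8_t *tcp = ip + ihl;
    size_t thl = (size_t)(tcp[12] >> 4) * 4, i = 20;
    if (!(tcp[13] & 0x02) || thl < 20 || n < ihl + thl) return MSS_UNTOUCHED; /* SYN only */
    while (i < thl && tcp[i] != 0) {                 /* 0 = end of option list */
        if (tcp[i] == 1) { i++; continue; }          /* NOP has no length byte */
        if (i + 1 >= thl || tcp[i + 1] < 2 || i + tcp[i + 1] > thl) break;
        if (tcp[i] == 2 && tcp[i + 1] == 4) {        /* MSS option */
            uint16_t old = rd16(tcp + i + 2);
            if (old <= max_mss) return MSS_UNTOUCHED;
            tcp[i + 2] = (uint8_t)(max_mss >> 8); tcp[i + 3] = (uint8_t)max_mss;
            /* At an odd offset the value straddles two checksum words: swap. */
            if (i & 1) csum_fix(tcp + 16, sw16(old), sw16(max_mss));
            else csum_fix(tcp + 16, old, max_mss);
            return MSS_CLAMPED;
        }
        i += tcp[i + 1];
    }
    return MSS_UNTOUCHED;
}
/* Constructed samples: PPPoE(8) + IPv4(20) + TCP SYN(24, MSS 1460); MPPE frame. */
uint8_t sample_plain[] = {
    0x11,0x00,0x00,0x01,0x00,0x2e,0x00,0x21,0x45,0x00,0x00,0x2c,0x00,
    0x00,0x40,0x00,0x40,0x06,0x26,0xca,0x0a,0x00,0x00,0x01,0x0a,0x00,
    0x00,0x02,0x12,0x34,0x00,0x50,0x00,0x00,0x00,0x01,0x00,0x00,0x00,
    0x00,0x60,0x02,0xff,0xff,0x71,0x9f,0x00,0x00,0x02,0x04,0x05,0xb4 };
uint8_t sample_mppe[] = { 0x11,0x00,0x00,0x01,0x00,0x06,0x00,0xfd,0x90,0x01,0xaa,0xbb };
```

PPP protocol 0x00FD only says the payload went through CCP, so a bridge that needs to know whether MPPE encryption (rather than compression alone) was negotiated would also have to track the CCP exchange for that session.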