On Fri, 18 Mar 2005 20:11:29 +1100
Herbert Xu [off-list ref] wrote:

This patch makes ipt_TCPMSS use the correct MTU value for clamping.
This is a bit tricky actually since TCPMSS can be used in FORWARD,
LOCAL_OUT as well as POST_ROUTING.

In the first two cases we haven't performed IPsec yet so dst_mtu
obviously does the right thing.  As it is, POST_ROUTING is performed
after xfrm_output so MSS clamping is useless there.

With Patrick's IPsec netfilter stuff, there will be a POST_ROUTING
processing before IPsec processing, in which case dst_mtu also returns
exactly what we want.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Applied, thanks Herbert.

BTW Patrick, how is the IPsec netfilter stuff going?

That boy is seriously backlogged, so I'm not sure how much time
he's gotten to work on that yet.