Johnson峰的部落格

設定為 syslog 後，發現這個訊息一直出來，主要的訊息只有一行 「Bad TCP checksum 值」

主機 [webmail] 記錄時間 2009-12-29 03:38:55 機構 daemon 等級 err 程式 pppoe
訊息內容 Bad TCP checksum a432

於是我 google 了一下，發現要在 pppoe.conf 設定 "CLAMPMSS=no" 方可。

資料來源.. http://plasma-gate.weizmann.ac.il/Linux/maillists/...

Here is what i found (if it hasn't been found before):
1) solved by editing the pppoe.conf and setting "CLAMPMSS=no"
   also, you need to use the internal CLAMPMSS of netfilter to compensate (if you don't already.):
$iptdir -t filter -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
2) the reason it (usually) happens is because you have the CLAMPMSS set to 1412 and you have also
set netfilter to:
$iptdir -t filter -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
at the same time. choose one, preferably leave netfilter in place to avoid freezes at unexpected
time.
3) The reason it happens is because you have short circuted the modem to the hub and the pppoe
protocol or software have trouble keeping things in sync because of timeouts that were generated by
the network collisions.
the solution is to seperate the modem network from the home network so no collisions will happen.
however, the CLAMPMSS=no could also help since it can reduce overheads and thus lower timeouts (if
any)though i didn't check that. other things can help like increasing timeouts, changing
synchronization options but i didn't try them and it seems too much hassle, it would be cheaper by
time/money to just buy another 30 nis ethernet card and be done with it.

因此我修改了我的系統( OS Linux webmail.tcc.edu.tw 2.6.9-78.0.8.ELsmp #1 SMP 2008 )

我們設定存在 /etc/sysconfig/network-scripts/ifcfg-ppp0 修改成：

CLAMPMSS=no