[Shorewall-users] Way OT: MSS/MTU question.

chris ck2 at softhome.net
Mon Dec 15 11:29:10 PST 2003

Joshua Banks wrote:

>I've been trying to track down the answer to this and am coming up
>empty handed. I'm hoping someone might shed some light on the
>following regarding mtu/mss values.
>When I do: "netstat -rn"  or "route -nee"
>Why is the "mss" value "40" ? Everything works just fine. (e.g...
>downloading email attachments and doing file transfers so I'm
>thinking that this is a bug of some sort.)

Well, from what I remember, the MSS value isn't determined by YOU, it's 
set by the RECEIVER of the segment.  Therefore, it's possible that 
during the establishment of the connections you showed, the receivers 
set the MSS to 40.

OTOH, the MTU value IS set by you...and fragmented as needed as it 
travels through networks with smaller MTU values....

>I know that -IP header (20 bytes) and -TCP header (20 bytes) would give
>you MTU -40 bytes which would give you an MSS value of 1460 bytes for
>ethernet. Does anyone have any ideas why or links that point to an
>explanation of this low MSS value?

Not really following how you're making this calculation, but both TCP 
and IP headers are a minimum of 20 bytes and can go as high as 60 bytes 
with the available options.  Adding these two together doesn't determine 
your MTU since the final frame (which is where the MTU matters) is made 
up of MORE than just the IP and TCP headers. 
Another thing, MSS is the size of the DATA package in the TCP 
segment...NOT the size of the header or header plus data.  The name Max 
Segment Size is really a misnomer since the size of the MSS does not 
include the size of the header....only the size of the data.

Hope maybe this helps somehow.
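
Added example, not part of the original message: a parser that reads the TCP header length and the MSS option a host announces in its SYN, plus the MTU-minus-headers calculation from the quoted question. The SYN bytes are constructed here (ports, window and zero checksum are made-up values), and all function names are hypothetical.

```python
import struct

def build_syn(mss, extra_options=b""):
    """Build a constructed TCP SYN header (no IP layer) announcing `mss`."""
    options = struct.pack("!BBH", 2, 4, mss) + extra_options
    options += b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    data_offset = (20 + len(options)) // 4      # header length in 32-bit words
    fixed = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                        data_offset << 4, 0x02, 65535, 0, 0)
    return fixed + options

def parse_tcp_header(segment):
    """Return (header_len, announced_mss or None) for a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte minimum TCP header")
    header_len = (segment[12] >> 4) * 4         # 20..60 bytes
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    opts, i, mss = segment[20:header_len], 0, None
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                           # End of Option List
            break
        if kind == 1:                           # NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        length = opts[i + 1]
        if kind == 2 and length == 4:           # MSS option: kind 2, length 4
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return header_len, mss

def mss_for_mtu(mtu, ip_header_len=20, tcp_header_len=20):
    """Data bytes that fit in one packet: MTU minus both headers."""
    return mtu - ip_header_len - tcp_header_len

if __name__ == "__main__":
    # SACK-permitted, NOP, window scale 7 appended after the MSS option
    syn = build_syn(1460, b"\x04\x02\x01\x03\x03\x07")
    print(parse_tcp_header(syn), mss_for_mtu(1500))
```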

