ipfw2/dummynet set new mss on thy fly
Louis A. Mamakos
louie at TransSys.COM
Fri Feb 6 17:11:35 PST 2004
Can't you write a rule that only diverts packets with the SYN bit set?
It's the only time a TCP MSS option is allowed to be set. It doesn't
seem like there's any reason to send all the traffic through tcpmssd.
(And the problem isn't a "wrong" windows implementation, it's broken
Path MTU discovery due to overzelous filtering of ICMP.)
louie
> Hi
>
> Is it possible to modify the mss with ipfw2/dummynet? This is necessary
> to fix wrong window implementations for example for adsl providers.
>
> Something like "modify mss=1452 tcp from any to any out recv em0 xmit
> em1 tcpflags syn". (Of course this string is wrong, it's just to give
> you an impression).
>
> I know there is tcpmssd port but it uses divert. I've to modify every
> packet on gigabit lan (at least 200mb/s traffic). So tcpmssd is a bit to
> slow.
>
> We already have a ipfw1 patch and It's not that difficult to port it to
> ipfw2. But I'm not sure if ipfw2/dummynet already have something similar
> implemented by default.
> Any hints?
>
> cheers,
> Thomas
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
More information about the freebsd-ipfw
mailing list