Adjust Maximum Segment Size?

Andre Oppermann andre at freebsd.org
Wed May 28 11:10:06 UTC 2008


Stefan Lambrev wrote:
> Ermal Luçi wrote:
>> On Tue, May 27, 2008 at 8:04 PM, Stefan Lambrev
>> <stefan.lambrev at moneybookers.com> wrote:
>>  
>>> Greetings,
>>>
>>> Alexander Motin wrote:
>>>    
>>>> Stefan Lambrev wrote:
>>>>      
>>>>>> Yes, You can with ng_tcpmss
>>>>>>           
>>>>> Isn't it doable only with ipfw/divert when using ng_tcpmss?
>>>>> I have some concerns about performance too ..
>>>>>         
>>>> There are several ways to inject packet to ng_tcpmss:
>>>>  - ipfw + divert + ng_ksocket. It should be faster than usual 
>>>> user-level
>>>> implementation
>>>>  - ipfw + netgraph as described in ng_tcpmss(4)
>>>>  - use ng_tcpmss directly in some complicated netgraph setup. For 
>>>> example,
>>>> mpd is able to use it. This is probably the fastest and easiest way, 
>>>> but
>>>> only for some setups.
>>>>       
>>> Thanks for all ideas.
>>> I think I'll try the route -mtu feature.
>>> Looks like easier for implementation and testing. :)
>>> Anyway it will be good if we have such feature in the base system.
>>> It shouldn't be very difficult? :)
>>>
>>> -- 
>>>     
>>
>> Actually converting ng_tcpmss to pfil(9) should be easy.
>>   
> I'm thinking about adding additional checks in tcp_mss() and 
> tcp_mssopt() - both in sys/netinet/tcp_input.c
> plus two sysctl entries for max mss and max mss IPv6.
> Does it sound like a reasonable solution or I'm missing something?

Doesn't make sense.  You have to differentiate between selecting the
MSS for a connection that terminates/originates locally vs. one that
just passes through the machine.

Local connections observe the MTU setting on the interface and the
routing table entries (tcp_maxmtu()).  So you can either reduce the
interface MTU or adjust the MTU on your default route and everything
will work as expected.  There is no need for yet another sysctl or
other extensions to tcp_mssopt().

For connections passing through the machine we don't have a direct
equivalent to Cisco IOS ip tcp mss-fixup.  Only work-arounds via some
other methods, daemon or kernel module exist.  It would make sense
to implement that as an option into ipfw (and pf via OpenBSD).

> P.S. One of the things that bothers me is that pf uses its own 
> pf_get_mss() and pf_calc_mss()
> and they should be fixed accordingly?

-- 
Andre
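
Added example, not part of the original message and not FreeBSD, ng_tcpmss or ipfw code: a sketch of what an MSS fixup for pass-through connections has to do, namely find the MSS option in a forwarded SYN, lower it, and patch the TCP checksum incrementally (RFC 1624). The names `tcp_mss_clamp`, `ocsum`, `cksum_fixup` and `sample_syn` are hypothetical, and the constructed sample's checksum covers the TCP header only, since the pseudo-header sum is not changed by the rewrite.

```c
#include <stddef.h>
#include <stdint.h>
enum { TH_SYN = 0x02, TCPOPT_EOL = 0, TCPOPT_NOP = 1, TCPOPT_MAXSEG = 2 };

/* One's-complement sum of a buffer, folded to 16 bits (0xffff means the checksum verifies). */
uint16_t ocsum(const uint8_t *p, size_t len)
{
    uint32_t s = 0;
    for (size_t i = 0; i < len; i++) s += (i & 1) ? p[i] : (uint32_t)p[i] << 8;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}

/* RFC 1624 incremental update for one changed 16-bit word: HC' = ~(~HC + ~m + m'). */
static uint16_t cksum_fixup(uint16_t hc, uint16_t m, uint16_t m2)
{
    uint32_t s = (uint16_t)~hc + (uint32_t)(uint16_t)~m + m2;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}
static uint16_t swap16(uint16_t v) { return (uint16_t)(v << 8 | v >> 8); }

/* Constructed sample: SYN, data offset 6, MSS option 1460, checksum valid over the header alone. */
uint8_t sample_syn[24] = {0xc0,0x00,0x00,0x50, 0,0,0,1, 0,0,0,0, 0x60,0x02,0xff,0xff,
                          0xd7,0xf3,0,0, 2,4,0x05,0xb4};

/* Clamp the MSS option of a SYN. Returns 1 if rewritten, 0 if untouched, -1 if malformed. */
int tcp_mss_clamp(uint8_t *th, size_t len, uint16_t max_mss)
{
    size_t hlen = len >= 20 ? (size_t)(th[12] >> 4) * 4 : 0;
    if (hlen < 20 || hlen > len) return -1;
    if (!(th[13] & TH_SYN)) return 0;            /* MSS is only negotiated on SYN */
    for (size_t i = 20; i < hlen; ) {
        uint8_t kind = th[i];
        if (kind == TCPOPT_EOL) break;
        if (kind == TCPOPT_NOP) { i++; continue; }
        if (i + 1 >= hlen || th[i + 1] < 2 || i + th[i + 1] > hlen) return -1;
        if (kind == TCPOPT_MAXSEG) {
            if (th[i + 1] != 4) return -1;
            uint16_t old = (uint16_t)(th[i + 2] << 8 | th[i + 3]);
            if (old <= max_mss) return 0;        /* never raise the advertised MSS */
            uint16_t ck = (uint16_t)(th[16] << 8 | th[17]);
            ck = ((i + 2) & 1) ? cksum_fixup(ck, swap16(old), swap16(max_mss)) /* odd offset: */
                               : cksum_fixup(ck, old, max_mss);  /* value spans two words */
            th[i + 2] = (uint8_t)(max_mss >> 8); th[i + 3] = (uint8_t)max_mss;
            th[16] = (uint8_t)(ck >> 8); th[17] = (uint8_t)ck;
            return 1;
        }
        i += th[i + 1];
    }
    return 0;
}
```

The option walk rejects zero or overlong option lengths rather than trusting them, which matters for code that parses headers of forwarded, untrusted traffic.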


