From owner-svn-src-head@FreeBSD.ORG  Wed Sep 15 10:39:30 2010
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 69C32106564A;
	Wed, 15 Sep 2010 10:39:30 +0000 (UTC)
	(envelope-from andre@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 5A5228FC13;
	Wed, 15 Sep 2010 10:39:30 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o8FAdUWV030418;
	Wed, 15 Sep 2010 10:39:30 GMT (envelope-from andre@svn.freebsd.org)
Received: (from andre@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id o8FAdU4H030416;
	Wed, 15 Sep 2010 10:39:30 GMT (envelope-from andre@svn.freebsd.org)
Message-Id: <201009151039.o8FAdU4H030416@svn.freebsd.org>
From: Andre Oppermann <andre@FreeBSD.org>
Date: Wed, 15 Sep 2010 10:39:30 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r212653 - head/sys/netinet
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Sep 2010 10:39:30 -0000

Author: andre
Date: Wed Sep 15 10:39:30 2010
New Revision: 212653
URL: http://svn.freebsd.org/changeset/base/212653

Log:
  Change the default MSS for IPv4 and IPv6 TCP connections from an
  artificial power-of-2 rounded number to their real values specified
  in RFC879 and RFC2460.
  
  From the history and existing comments it appears that the rounded
  numbers were intended to be advantageous for the kernel and mbuf
  system.  However this hasn't been the case at for at least a long
  time.  The mbuf clusters used in tcp_output() have enough space
  to hold the larger real value for the default MSS for both IPv4 and
  IPv6.  Note that the default MSS is only used when path MTU discovery
  is disabled.
  
  Update and expand related comments.
  
  Reviewed by:	lsteward (including some word-smithing)
  MFC after:	2 weeks

Modified:
  head/sys/netinet/tcp.h

Modified: head/sys/netinet/tcp.h
==============================================================================
--- head/sys/netinet/tcp.h	Wed Sep 15 10:39:21 2010	(r212652)
+++ head/sys/netinet/tcp.h	Wed Sep 15 10:39:30 2010	(r212653)
@@ -103,29 +103,37 @@ struct tcphdr {
 
 
 /*
- * Default maximum segment size for TCP.
- * With an IP MTU of 576, this is 536,
- * but 512 is probably more convenient.
- * This should be defined as MIN(512, IP_MSS - sizeof (struct tcpiphdr)).
- */
-#define	TCP_MSS	512
-/*
- * TCP_MINMSS is defined to be 216 which is fine for the smallest
- * link MTU (256 bytes, AX.25 packet radio) in the Internet.
- * However it is very unlikely to come across such low MTU interfaces
- * these days (anno dato 2003).
- * See tcp_subr.c tcp_minmss SYSCTL declaration for more comments.
- * Setting this to "0" disables the minmss check.
+ * The default maximum segment size (MSS) to be used for new TCP connections
+ * when path MTU discovery is not enabled.
+ *
+ * RFC879 derives the default MSS from the largest datagram size hosts are
+ * minimally required to handle directly or through IP reassembly minus the
+ * size of the IP and TCP header.  With IPv6 the minimum MTU is specified
+ * in RFC2460.
+ *
+ * For IPv4 the MSS is 576 - sizeof(struct tcpiphdr)
+ * For IPv6 the MSS is IPV6_MMTU - sizeof(struct ip6_hdr) - sizeof(struct tcphdr)
+ *
+ * We use explicit numerical definition here to avoid header pollution.
  */
-#define	TCP_MINMSS 216
+#define	TCP_MSS		536
+#define	TCP6_MSS	1220
 
 /*
- * Default maximum segment size for TCP6.
- * With an IP6 MSS of 1280, this is 1220,
- * but 1024 is probably more convenient. (xxx kazu in doubt)
- * This should be defined as MIN(1024, IP6_MSS - sizeof (struct tcpip6hdr))
+ * Limit the lowest MSS we accept from path MTU discovery and the TCP SYN MSS
+ * option.  Allowing too low values of MSS can consume significant amounts of
+ * resources and be used as a form of a resource exhaustion attack.
+ * Connections requesting lower MSS values will be rounded up to this value
+ * and the IP_DF flag is cleared to allow fragmentation along the path.
+ *
+ * See tcp_subr.c tcp_minmss SYSCTL declaration for more comments.  Setting
+ * it to "0" disables the minmss check.
+ *
+ * The default value is fine for the smallest official link MTU (256 bytes,
+ * AX.25 packet radio) in the Internet.  However it is very unlikely to come
+ * across such low MTU interfaces these days (anno domini 2003).
  */
-#define	TCP6_MSS	1024
+#define	TCP_MINMSS 216
 
 #define	TCP_MAXWIN	65535	/* largest value for (unscaled) window */
 #define	TTCP_CLIENT_SND_WND	4096	/* dflt send window for T/TCP client */