Date: Wed, 28 May 2008 13:10:05 +0200 From: Andre Oppermann <andre@freebsd.org> To: Stefan Lambrev <stefan.lambrev@moneybookers.com> Cc: freebsd-net@freebsd.org, =?UTF-8?B?RXJtYWwgTHXDp2k=?= <ermal.luci@gmail.com> Subject: Re: Adjust Maximum Segment Size? Message-ID: <483D3D8D.2030907@freebsd.org> In-Reply-To: <483D319B.7030303@moneybookers.com> References: <1211891010.00075594.1211880013@10.7.7.3> <1211894613.00075634.1211884201@10.7.7.3> <1211901827.00075710.1211890802@10.7.7.3> <483C4636.7080608@mavhome.dp.ua> <483C4D48.6020106@moneybookers.com> <9a542da30805271114w6ad82569m43d89c4cd03a76fc@mail.gmail.com> <483D319B.7030303@moneybookers.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Stefan Lambrev wrote: > Ermal Luçi wrote: >> On Tue, May 27, 2008 at 8:04 PM, Stefan Lambrev >> <stefan.lambrev@moneybookers.com> wrote: >> >>> Greetings, >>> >>> Alexander Motin wrote: >>> >>>> Stefan Lambrev wrote: >>>> >>>>>> Yes, You can with ng_tcpmss >>>>>> >>>>> Isn't it doable only with ipfw/divert when using ng_tcpmss? >>>>> I have and some concerns about performance too .. >>>>> >>>> There are several ways to inject packet to ng_tcpmss: >>>> - ipfw + divert + ng_ksocket. It should be faster then usual >>>> user-level >>>> implementation >>>> - ipfw + netgraph as described in ng_tcpmss(4) >>>> - use ng_tcpmss directly in some complicated netgraph setup. For >>>> example, >>>> mpd is able to use it. This is probably the fastest and easiest way, >>>> but >>>> only for some setups. >>>> >>> Thanks for all ideas. >>> I think I'll try the route -mtu feature. >>> Looks like easier for implementation and testing. :) >>> Anyway it will be good if we have such feature in the base system. >>> It shouldn't be very difficult? :) >>> >>> -- >>> >> >> Actually converting ng_tcpmss to pfil(9) should be easy. >> > I'm thinking about adding additional checks in tcp_mss() and > tcp_mssopt() - both in sys/netinet/tcp_input.c > plus two sysctl entries for max mss and max mss IPv6. > Does it sound like a reasonable solution or I'm missing something? Doesn't make sense. You have to differentiate between selecting the MSS for a connection the terminates/originates locally vs. one that just passed through the machine. Local connections observe the MTU setting on the interface and the routing table entries (tcp_maxmtu()). So you can either reduce the interface MTU or adjust the MTU on your default route and everything will work as expected. There is no need for yet another sysctl or other extensions to tcp_mssopt(). For connections passing through the machine we don't have a direct equivalent to Cisco IOS ip tcp mss-fixup. Only work-arounds via some other methods, daemon or kernel module exist. It would make sense to implement that as a option into ipfw (and pf via OpenBSD). > P.S. One of the things that bothers me is that pf uses it's own > pf_get_mss() and pf_calc_mss() > and they should be fixed accordingly? -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?483D3D8D.2030907>