Date: Mon, 19 Jun 2000 00:58:36 -0400 From: "Patrick Bihan-Faou" <patrick@mindstep.com> To: <freebsd-net@freebsd.org> Cc: "\"clemensF\"" <ino-waiting@gmx.net>, <brian@Awfulhak.org>, <dgilbert@velocet.net> Subject: Re: "frag-anyways" knob. Message-ID: <00f201bfd9ab$06cd8330$040aa8c0@local.mindstep.com> References: <patrick@mindstep.com> <200006160812.JAA01790@hak.lan.Awfulhak.org> <20000616160623.A5968@spotteswoode.de> <013101bfd7aa$b2949f80$040aa8c0@local.mindstep.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. ------=_NextPart_000_00EF_01BFD989.7F9EBE40 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Hi All, As promised here is my set of patch that update the MSS option in outbound TCP packets based on a specified value for the MTU. The patch is for libalias and natd. The libalias part is where all the action takes place. The patch for natd is usefull for setting a specific value for the MTU. I have added an option called "-link_mtu <value>". If this option is not specified, the MTU of the interface indicated with "-n" is used instead. I have done some testing between 2 FreeBSD boxen and I observe the expected behavior: The MSS of the outbounds TCP packets is changed, the packets comming back honor the advertised max segment size. The inbound packets are left as is. I tried to update the userland PPP code to indicate the Link MTU to libalias, but I don't think I am succesfull with it yet. I have included the patch for PPP as well, but I don't think it works properly. I would appreciate help in that area. The patches are activated by defining "MSS_UPDATE_HACK" at compile time. Of course this hack can only help with the problem of "frag needed" notifications lost for TCP sessions. Other protocols (UDP and friends) are not modified in any way. Finally I am including the traces I have taken with tcpdump and natd for my tests. Please let me know what you think of this, and if it is working for you. Patrick. -- Patrick Bihan-Faou MindStep Corporation - MindBox Technologies ------=_NextPart_000_00EF_01BFD989.7F9EBE40 Content-Type: application/octet-stream; name="MSS_HACK_libalias.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="MSS_HACK_libalias.patch" --- alias.c.orig Fri Sep 10 11:27:34 1999=0A= +++ alias.c Mon Jun 19 00:11:54 2000=0A= @@ -1027,6 +1027,63 @@=0A= =0A= ADJUST_CHECKSUM(accumulate, pip->ip_sum)=0A= =0A= +#ifdef MSS_UPDATE_HACK=0A= +/* Change the MSS if needed */=0A= + if ( (tc->th_off * 4) > sizeof(*tc) ) {=0A= + u_char *cp;=0A= + int opt, datalen;=0A= + u_short alias_mtu;=0A= + int accumulate;=0A= + int hlen;=0A= + =0A= + alias_mtu =3D GetAliasMTU(link);=0A= +=0A= +#ifdef DEBUG=0A= + fprintf(stderr, "TCP OUT -> options present, max MSS is %u\n", = alias_mtu);=0A= +#endif=0A= + if (alias_mtu > 0) {=0A= + hlen =3D tc->th_off *4;=0A= + hlen -=3D sizeof(*tc);=0A= +=0A= + cp =3D (u_char *)tc + sizeof(*tc);=0A= + while (hlen > 0) {=0A= + opt =3D *cp++;=0A= + --hlen; /* account for type byte */=0A= + if (opt =3D=3D TCPOPT_EOL) {=0A= + break;=0A= + } else if (opt =3D=3D TCPOPT_NOP) {=0A= + continue;=0A= + }=0A= +=0A= + datalen =3D *cp++; /* total including type, len */=0A= + --hlen; /* account for length byte */=0A= + datalen -=3D 2; /* don't count the kind and len bytes */=0A= + if (datalen < 0 || datalen > hlen)=0A= + break;=0A= +=0A= + if (opt =3D=3D TCPOPT_MAXSEG) {=0A= +#ifdef DEBUG=0A= + fprintf(stderr, "TCP OUT -> got MSS option, value %u\n", = EXTRACT_16BITS(cp));=0A= +#endif=0A= + if (EXTRACT_16BITS(cp) > alias_mtu) {=0A= + accumulate =3D EXTRACT_16BITS_NET(cp);=0A= + ADJUST_16BITS(cp, alias_mtu);=0A= + accumulate -=3D EXTRACT_16BITS_NET(cp);=0A= + ADJUST_CHECKSUM(accumulate, tc->th_sum)=0A= +#ifdef DEBUG=0A= + fprintf(stderr, "TCP OUT -> adjusted MSS option, value %u\n", = EXTRACT_16BITS(cp));=0A= +#endif=0A= + }=0A= + }=0A= +=0A= + /* Account for the option's data */=0A= + cp +=3D datalen;=0A= + hlen -=3D datalen;=0A= + }=0A= + }=0A= + }=0A= +#endif /* MSS_UPDATE_HACK */=0A= +=0A= return(PKT_ALIAS_OK);=0A= }=0A= return(PKT_ALIAS_IGNORED);=0A= --- alias.h.orig Wed Feb 2 18:49:32 2000=0A= +++ alias.h Mon Jun 19 00:11:54 2000=0A= @@ -36,6 +36,11 @@=0A= extern unsigned int=0A= PacketAliasSetMode(unsigned int, unsigned int);=0A= =0A= +#ifdef MSS_UPDATE_HACK=0A= + extern void=0A= + PacketAliasSetMTU(u_short);=0A= +#endif=0A= +=0A= #ifndef NO_FW_PUNCH=0A= extern void=0A= PacketAliasSetFWBase(unsigned int, unsigned int);=0A= --- alias_db.c.orig Thu May 11 03:54:45 2000=0A= +++ alias_db.c Mon Jun 19 00:11:54 2000=0A= @@ -124,6 +124,9 @@=0A= #include <netinet/in.h>=0A= #include <netinet/ip.h>=0A= #include <netinet/tcp.h>=0A= +#ifdef MSS_UPDATE_HACK=0A= +#include <netinet/udp.h>=0A= +#endif=0A= #include <arpa/inet.h>=0A= =0A= #include "alias.h"=0A= @@ -247,6 +250,10 @@=0A= u_short alias_port;=0A= u_short proxy_port;=0A= =0A= +#ifdef MSS_UPDATE_HACK=0A= + u_short alias_mtu;=0A= +#endif /* MSS_UPDATE_HACK */=0A= +=0A= int link_type; /* Type of link: tcp, udp, icmp, frag = */=0A= =0A= /* values for link_type */=0A= @@ -316,6 +323,10 @@=0A= linkTableIn[LINK_TABLE_IN_SIZE]; /* into input and output lookup = */=0A= /* tables. = */=0A= =0A= +#ifdef MSS_UPDATE_HACK=0A= +static u_short aliasMTU;=0A= +#endif=0A= +=0A= static int icmpLinkCount; /* Link statistics = */=0A= static int udpLinkCount;=0A= static int tcpLinkCount;=0A= @@ -871,6 +882,9 @@=0A= link->sockfd =3D -1;=0A= link->flags =3D 0;=0A= link->timestamp =3D timeStamp;=0A= +#ifdef MSS_UPDATE_HACK=0A= + link->alias_mtu =3D aliasMTU - sizeof(struct ip); /* should be max = IPHLEN */=0A= +#endif=0A= =0A= /* Expiration time */=0A= switch (link_type)=0A= @@ -880,9 +894,15 @@=0A= break;=0A= case LINK_UDP:=0A= link->expire_time =3D UDP_EXPIRE_TIME;=0A= +#ifdef MSS_UPDATE_HACK=0A= + link->alias_mtu -=3D sizeof(struct udphdr);=0A= +#endif=0A= break;=0A= case LINK_TCP:=0A= link->expire_time =3D TCP_EXPIRE_INITIAL;=0A= +#ifdef MSS_UPDATE_HACK=0A= + link->alias_mtu -=3D sizeof(struct tcphdr);=0A= +#endif=0A= break;=0A= case LINK_FRAGMENT_ID:=0A= link->expire_time =3D FRAGMENT_ID_EXPIRE_TIME;=0A= @@ -2390,3 +2410,25 @@=0A= memset(fireWallField, 0, fireWallNumNums);=0A= }=0A= #endif=0A= +=0A= +=0A= +#ifdef MSS_UPDATE_HACK=0A= +void=0A= +PacketAliasSetMTU(u_short mtu)=0A= +{=0A= +#ifdef DEBUG=0A= + fprintf(stderr, "link MTU is %u\n", mtu);=0A= +#endif=0A= + aliasMTU =3D mtu;=0A= +}=0A= +=0A= +u_short=0A= +GetAliasMTU(struct alias_link *link)=0A= +{=0A= + if (link->alias_mtu =3D=3D 0)=0A= + return aliasMTU;=0A= + else=0A= + return(link->alias_mtu);=0A= +}=0A= +#endif MSS_UPDATE_HACK=0A= +=0A= --- alias_local.h.orig Sun Aug 29 19:17:04 1999=0A= +++ alias_local.h Mon Jun 19 00:11:54 2000=0A= @@ -49,6 +49,25 @@=0A= } \=0A= }=0A= =0A= +#define LBL_ALIGN=0A= +#ifdef LBL_ALIGN=0A= +#define EXTRACT_16BITS(p) \=0A= + ((u_short)*((u_char *)(p) + 0) << 8 | \=0A= + (u_short)*((u_char *)(p) + 1))=0A= +#define EXTRACT_16BITS_NET(p) \=0A= + ((u_short)*((u_char *)(p) + 0) | \=0A= + (u_short)*((u_char *)(p) + 1) << 8)=0A= +#define ADJUST_16BITS(p, val) \=0A= + (*(u_char *)(p) =3D (u_char)(((u_short)(val) >> 8) & 0xff), \=0A= + *((u_char *)(p) + 1) =3D (u_char)((u_short)(val) & 0xff))=0A= +#else=0A= +#define EXTRACT_16BITS(p) \=0A= + ((u_short)ntohs(*(u_short *)(p)))=0A= +#define ADJUST_16BITS(p, val) \=0A= + (*(u_short *)(p) =3D ntohs((u_short)(val)))=0A= +#endif=0A= +=0A= +=0A= =0A= /*=0A= Globals=0A= @@ -133,6 +152,9 @@=0A= void ClearCheckNewLink(void);=0A= #ifndef NO_FW_PUNCH=0A= void PunchFWHole(struct alias_link *);=0A= +#endif=0A= +#ifdef MSS_UPDATE_HACK=0A= +u_short GetAliasMTU(struct alias_link *);=0A= #endif=0A= =0A= =0A= ------=_NextPart_000_00EF_01BFD989.7F9EBE40 Content-Type: application/octet-stream; name="MSS_HACK_natd.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="MSS_HACK_natd.patch" --- natd.c.orig Fri Feb 25 06:34:38 2000=0A= +++ natd.c Mon Jun 19 00:11:55 2000=0A= @@ -302,6 +302,12 @@=0A= */=0A= if (aliasAddr.s_addr !=3D INADDR_NONE)=0A= PacketAliasSetAddress (aliasAddr);=0A= +=0A= +#ifdef MSS_UPDATE_HACK=0A= + if (ifMTU > 0)=0A= + PacketAliasSetMTU(ifMTU);=0A= +#endif=0A= +=0A= /*=0A= * We need largest descriptor number for select.=0A= */=0A= @@ -757,7 +763,12 @@=0A= if (strlen(ifn) =3D=3D sdl->sdl_nlen &&=0A= strncmp(ifn, sdl->sdl_data, sdl->sdl_nlen) =3D=3D 0) {=0A= ifIndex =3D ifm->ifm_index;=0A= +#ifdef MSS_UPDATE_HACK=0A= + if (ifMTU <=3D 0)=0A= + ifMTU =3D ifm->ifm_data.ifi_mtu;=0A= +#else=0A= ifMTU =3D ifm->ifm_data.ifi_mtu;=0A= +#endif=0A= break;=0A= }=0A= }=0A= @@ -800,6 +811,10 @@=0A= errx(1, "%s: cannot get interface address", ifn);=0A= =0A= PacketAliasSetAddress(sin->sin_addr);=0A= +#ifdef MSS_UPDATE_HACK=0A= + if (ifMTU > 0)=0A= + PacketAliasSetMTU(ifMTU);=0A= +#endif=0A= syslog(LOG_INFO, "Aliasing to %s, mtu %d bytes",=0A= inet_ntoa(sin->sin_addr), ifMTU);=0A= =0A= @@ -863,7 +878,10 @@=0A= PptpAlias,=0A= ProxyRule,=0A= LogDenied,=0A= - LogFacility=0A= + LogFacility,=0A= +#ifdef MSS_UPDATE_HACK=0A= + LinkMTU=0A= +#endif=0A= };=0A= =0A= enum Param {=0A= @@ -1065,7 +1083,17 @@=0A= "facility",=0A= "name of syslog facility to use for logging",=0A= "log_facility",=0A= + NULL },=0A= +=0A= +#ifdef MSS_UPDATE_HACK=0A= + { LinkMTU,=0A= + 0,=0A= + Numeric,=0A= + "mtu",=0A= + "MTU for the link, affects the MSS option of outbound TCP packets",=0A= + "link_mtu",=0A= NULL }=0A= +#endif=0A= =0A= };=0A= =0A= @@ -1242,6 +1270,14 @@=0A= errx(1, "Unknown log facility name: %s", strValue); =0A= =0A= break;=0A= +#ifdef MSS_UPDATE_HACK=0A= + case LinkMTU:=0A= +#ifdef DEBUG=0A= + fprintf(stderr, "config link MTU to %d\n", numValue);=0A= +#endif=0A= + ifMTU =3D numValue;=0A= + break;=0A= +#endif=0A= }=0A= }=0A= =0A= ------=_NextPart_000_00EF_01BFD989.7F9EBE40 Content-Type: application/octet-stream; name="MSS_HACK_ppp.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="MSS_HACK_ppp.patch" --- bundle.c.orig Thu Jun 15 13:08:27 2000=0A= +++ bundle.c Mon Jun 19 00:11:57 2000=0A= @@ -793,6 +793,9 @@=0A= bundle.phase =3D PHASE_DEAD;=0A= bundle.CleaningUp =3D 0;=0A= bundle.NatEnabled =3D 0;=0A= +#ifdef MSS_UPDATE_HACK=0A= + bundle.NatMTUEnabled =3D 0;=0A= +#endif=0A= =0A= bundle.fsm.LayerStart =3D bundle_LayerStart;=0A= bundle.fsm.LayerUp =3D bundle_LayerUp;=0A= --- bundle.h.orig Thu Jun 15 13:08:27 2000=0A= +++ bundle.h Mon Jun 19 00:11:57 2000=0A= @@ -83,6 +83,9 @@=0A= =0A= unsigned CleaningUp : 1; /* Going to exit.... */=0A= unsigned NatEnabled : 1; /* Are we using libalias ? */=0A= +#ifdef MSS_UPDATE_HACK=0A= + unsigned NatMTUEnabled : 1; /* Are we using the MSS rewrite hack ? */=0A= +#endif /* MSS_UPDATE_HACK */=0A= =0A= struct fsm_parent fsm; /* Our callback functions */=0A= struct datalink *links; /* Our data links */=0A= --- command.c.orig Thu Jun 15 13:08:27 2000=0A= +++ command.c Mon Jun 19 00:11:57 2000=0A= @@ -175,6 +175,9 @@=0A= #ifndef NONAT=0A= static int NatEnable(struct cmdargs const *);=0A= static int NatOption(struct cmdargs const *);=0A= +#ifdef MSS_UPDATE_HACK=0A= +static int nat_SetLinkMTU(struct cmdargs const *);=0A= +#endif=0A= #endif=0A= =0A= static const char *=0A= @@ -614,6 +617,10 @@=0A= (const void *) PKT_ALIAS_USE_SOCKETS},=0A= {"help", "?", HelpCommand, LOCAL_AUTH | LOCAL_NO_AUTH,=0A= "Display this message", "nat help|? [command]", NatCommands},=0A= +#ifdef MSS_UPDATE_HACK=0A= + {"force_mtu", NULL, nat_SetLinkMTU, LOCAL_AUTH, =0A= + "Update TCP MSS based on the link MTU", "nat force_mtu yes|no" },=0A= +#endif /* MSS_UPDATE_HACK */=0A= {NULL, NULL, NULL},=0A= };=0A= #endif=0A= @@ -2167,6 +2174,27 @@=0A= return -1;=0A= }=0A= =0A= +#ifdef MSS_UPDATE_HACK=0A= +static int=0A= +nat_SetLinkMTU(struct cmdargs const *arg)=0A= +{=0A= + if (arg->argc =3D=3D arg->argn+1) {=0A= + if (strcasecmp(arg->argv[arg->argn], "yes") =3D=3D 0) {=0A= + if (arg->bundle->NatEnabled) {=0A= + if (arg->bundle->cfg.mtu > 0)=0A= + PacketAliasSetMTU(arg->bundle->cfg.mtu);=0A= + arg->bundle->NatMTUEnabled =3D 1;=0A= + }=0A= + return 0;=0A= + } else if (strcasecmp(arg->argv[arg->argn], "no") =3D=3D 0) {=0A= + arg->bundle->NatMTUEnabled =3D 0;=0A= + return 0;=0A= + }=0A= + }=0A= +=0A= + return -1;=0A= +}=0A= +#endif /* MSS_UPDATE_HACK */=0A= =0A= static int=0A= NatOption(struct cmdargs const *arg)=0A= ------=_NextPart_000_00EF_01BFD989.7F9EBE40 Content-Type: text/plain; name="MSS_HACK_trace.txt" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="MSS_HACK_trace.txt" Test setup: [ Penpro ] - rl0 -------Ethernet----- [ Web Server (nitro) ] Natd is running on penpro, tcpdump is running on nitro 1st test: using natd without specifying a link_mtu. In this case the=20 system is using the configured MTU for the link. In this case this is=20 an ethernet link with a normal MTU of 1500 root@penpro# ./natd -v -n rl0 link MTU is 1500 natd[2198]: Aliasing to 192.168.10.9, mtu 1500 bytes link MTU is 1500 TCP OUT -> checking for MSS option TCP OUT -> options present, max MSS is 1460 TCP OUT -> got MSS option, value 1460 Out [TCP] [TCP] 192.168.10.9:1038 -> 192.168.10.2:80 aliased to [TCP] 192.168.10.9:1038 -> 192.168.10.2:80 In [TCP] [TCP] 192.168.10.2:80 -> 192.168.10.9:1038 aliased to [TCP] 192.168.10.2:80 -> 192.168.10.9:1038 TCP OUT -> checking for MSS option Out [TCP] [TCP] 192.168.10.9:1038 -> 192.168.10.2:80 aliased to [TCP] 192.168.10.9:1038 -> 192.168.10.2:80 TCP OUT -> checking for MSS option Out [TCP] [TCP] 192.168.10.9:1038 -> 192.168.10.2:80 aliased to [TCP] 192.168.10.9:1038 -> 192.168.10.2:80 In [TCP] [TCP] 192.168.10.2:80 -> 192.168.10.9:1038 aliased to [TCP] 192.168.10.2:80 -> 192.168.10.9:1038 In [TCP] [TCP] 192.168.10.2:80 -> 192.168.10.9:1038 aliased to [TCP] 192.168.10.2:80 -> 192.168.10.9:1038 In [TCP] [TCP] 192.168.10.2:80 -> 192.168.10.9:1038 aliased to [TCP] 192.168.10.2:80 -> 192.168.10.9:1038 In [TCP] [TCP] 192.168.10.2:80 -> 192.168.10.9:1038 aliased to [TCP] 192.168.10.2:80 -> 192.168.10.9:1038 TCP OUT -> checking for MSS option Out [TCP] [TCP] 192.168.10.9:1038 -> 192.168.10.2:80 aliased to [TCP] 192.168.10.9:1038 -> 192.168.10.2:80 TCP OUT -> checking for MSS option Out [TCP] [TCP] 192.168.10.9:1038 -> 192.168.10.2:80 aliased to [TCP] 192.168.10.9:1038 -> 192.168.10.2:80 TCP OUT -> checking for MSS option Out [TCP] [TCP] 192.168.10.9:1038 -> 192.168.10.2:80 aliased to [TCP] 192.168.10.9:1038 -> 192.168.10.2:80 In [TCP] [TCP] 192.168.10.2:80 -> 192.168.10.9:1038 aliased to [TCP] 192.168.10.2:80 -> 192.168.10.9:1038 TCP DUMP on nitro (the web server) 13:15:32.842174 penpro.1038 > nitro.http: S 421436740:421436740(0) win = 16384 <mss 1460> (DF) [tos 0x10] 13:15:32.842236 nitro.http > penpro.1038: S 2150088421:2150088421(0) ack = 421436741 win 17520 <mss 1460> (DF) 13:15:32.844977 penpro.1038 > nitro.http: . ack 1 win 17520 (DF) [tos = 0x10]=20 13:15:38.174677 penpro.1038 > nitro.http: P 1:8(7) ack 1 win 17520 (DF) = [tos 0x10] 13:15:38.175404 nitro.http > penpro.1038: . 1:1461(1460) ack 8 win 17520 = (DF) 13:15:38.175426 nitro.http > penpro.1038: . 1461:2921(1460) ack 8 win = 17520 (DF) 13:15:38.175438 nitro.http > penpro.1038: P 2921:3576(655) ack 8 win = 17520 (DF) 13:15:38.175702 nitro.http > penpro.1038: F 3576:3576(0) ack 8 win 17520 = (DF) 13:15:38.185201 penpro.1038 > nitro.http: . ack 2921 win 17520 (DF) [tos = 0x10] 13:15:38.188695 penpro.1038 > nitro.http: . ack 3577 win 17520 (DF) [tos = 0x10] 13:15:38.189536 penpro.1038 > nitro.http: F 8:8(0) ack 3577 win 17520 = (DF) [tos 0x10] 13:15:38.189562 nitro.http > penpro.1038: . ack 9 win 17520 (DF) 2nd test: This time the link MTU is indicated as being smaller (1200 bytes). Same = test: a simple HTTP request from penpro to Nitro. root@penpro# ./natd -v -n rl0 -link_mtu 1200 config link MTU to 1200 link MTU is 1200 natd[2200]: Aliasing to 192.168.10.9, mtu 1200 bytes link MTU is 1200 TCP OUT -> checking for MSS option TCP OUT -> options present, max MSS is 1160 TCP OUT -> got MSS option, value 1460 TCP OUT -> adjsuted MSS option, value 1160 Out [TCP] [TCP] 192.168.10.9:1039 -> 192.168.10.2:80 aliased to [TCP] 192.168.10.9:1039 -> 192.168.10.2:80 In [TCP] [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 aliased to [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 TCP OUT -> checking for MSS option Out [TCP] [TCP] 192.168.10.9:1039 -> 192.168.10.2:80 aliased to [TCP] 192.168.10.9:1039 -> 192.168.10.2:80 TCP OUT -> checking for MSS option Out [TCP] [TCP] 192.168.10.9:1039 -> 192.168.10.2:80 aliased to [TCP] 192.168.10.9:1039 -> 192.168.10.2:80 In [TCP] [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 aliased to [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 In [TCP] [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 aliased to [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 In [TCP] [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 aliased to [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 In [TCP] [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 aliased to [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 In [TCP] [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 aliased to [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 TCP OUT -> checking for MSS option Out [TCP] [TCP] 192.168.10.9:1039 -> 192.168.10.2:80 aliased to [TCP] 192.168.10.9:1039 -> 192.168.10.2:80 TCP OUT -> checking for MSS option Out [TCP] [TCP] 192.168.10.9:1039 -> 192.168.10.2:80 aliased to [TCP] 192.168.10.9:1039 -> 192.168.10.2:80 TCP OUT -> checking for MSS option Out [TCP] [TCP] 192.168.10.9:1039 -> 192.168.10.2:80 aliased to [TCP] 192.168.10.9:1039 -> 192.168.10.2:80 In [TCP] [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 aliased to [TCP] 192.168.10.2:80 -> 192.168.10.9:1039 TCPDUMP on nitro 13:15:58.360870 penpro.1039 > nitro.http: S 426240782:426240782(0) win = 16384 <mss 1160> (DF) [tos 0x10] 13:15:58.360927 nitro.http > penpro.1039: S 2154861752:2154861752(0) ack = 426240783 win 17400 <mss 1460> (DF) 13:15:58.363658 penpro.1039 > nitro.http: . ack 1 win 17520 (DF) [tos = 0x10] 13:16:00.426328 penpro.1039 > nitro.http: P 1:8(7) ack 1 win 17520 (DF) = [tos 0x10] 13:16:00.427073 nitro.http > penpro.1039: . 1:1161(1160) ack 8 win 17400 = (DF) 13:16:00.427094 nitro.http > penpro.1039: . 1161:2321(1160) ack 8 win = 17400 (DF) 13:16:00.427104 nitro.http > penpro.1039: . 2321:3481(1160) ack 8 win = 17400 (DF) 13:16:00.427112 nitro.http > penpro.1039: P 3481:3576(95) ack 8 win = 17400 (DF) 13:16:00.427243 nitro.http > penpro.1039: F 3576:3576(0) ack 8 win 17400 = (DF) 13:16:00.437633 penpro.1039 > nitro.http: . ack 3481 win 17384 (DF) [tos = 0x10] 13:16:00.441142 penpro.1039 > nitro.http: . ack 3577 win 17520 (DF) [tos = 0x10] 13:16:00.442015 penpro.1039 > nitro.http: F 8:8(0) ack 3577 win 17520 = (DF) [tos 0x10] 13:16:00.442039 nitro.http > penpro.1039: . ack 9 win 17400 (DF) This time we can observe that the MSS on the initial TCP packet from = penpro to nitro is 1160 (1200 - TCP/IP headers). Also the packets comming back from nitro = contain only 1160 bytes of data. ------=_NextPart_000_00EF_01BFD989.7F9EBE40-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00f201bfd9ab$06cd8330$040aa8c0>