From: Andre Oppermann
Date: Wed, 28 May 2008 13:10:05 +0200
To: Stefan Lambrev
Cc: freebsd-net@freebsd.org, Ermal Luçi
Subject: Re: Adjust Maximum Segment Size?
Message-ID: <483D3D8D.2030907@freebsd.org>

Stefan Lambrev wrote:
> Ermal Luçi wrote:
>> On Tue, May 27, 2008 at 8:04 PM, Stefan Lambrev wrote:
>>
>>> Greetings,
>>>
>>> Alexander Motin wrote:
>>>
>>>> Stefan Lambrev wrote:
>>>>
>>>>>> Yes, You can with ng_tcpmss
>>>>>>
>>>>> Isn't it doable only with ipfw/divert when using ng_tcpmss?
>>>>> I have some concerns about performance too ..
>>>>>
>>>> There are several ways to inject packet to ng_tcpmss:
>>>> - ipfw + divert + ng_ksocket. It should be faster than usual
>>>>   user-level implementation
>>>> - ipfw + netgraph as described in ng_tcpmss(4)
>>>> - use ng_tcpmss directly in some complicated netgraph setup. For
>>>>   example, mpd is able to use it. This is probably the fastest and
>>>>   easiest way, but only for some setups.
>>>>
>>> Thanks for all ideas.
>>> I think I'll try the route -mtu feature.
>>> Looks like easier for implementation and testing. :)
>>> Anyway it will be good if we have such feature in the base system.
>>> It shouldn't be very difficult? :)
>>>
>>> --
>>>
>>
>> Actually converting ng_tcpmss to pfil(9) should be easy.
>>
> I'm thinking about adding additional checks in tcp_mss() and
> tcp_mssopt() - both in sys/netinet/tcp_input.c
> plus two sysctl entries for max mss and max mss IPv6.
> Does it sound like a reasonable solution or I'm missing something?

Doesn't make sense. You have to differentiate between selecting the
MSS for a connection that terminates/originates locally vs. one that
just passed through the machine.

Local connections observe the MTU setting on the interface and the
routing table entries (tcp_maxmtu()). So you can either reduce the
interface MTU or adjust the MTU on your default route and everything
will work as expected.
There is no need for yet another sysctl or other extensions to
tcp_mssopt().

For connections passing through the machine we don't have a direct
equivalent to Cisco IOS ip tcp mss-fixup. Only work-arounds via some
other methods, daemon or kernel module exist. It would make sense
to implement that as an option into ipfw (and pf via OpenBSD).

> P.S. One of the things that bothers me is that pf uses its own
> pf_get_mss() and pf_calc_mss()
> and they should be fixed accordingly?

--
Andre
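
What an MSS clamp on forwarded traffic does to a SYN in transit, as an added example that is not part of the original message and is not code from ng_tcpmss, ipfw or pf. The names `sum16` and `tcp_clamp_mss` are hypothetical, and the checksum is patched incrementally per RFC 1624 instead of being recomputed.

```c
/* Added illustration of MSS clamping; not code from ng_tcpmss or pf. */
#include <stddef.h>
#include <stdint.h>
/* One's-complement sum of buf (big-endian 16-bit words) on top of seed. */
uint16_t sum16(const uint8_t *buf, size_t len, uint32_t seed)
{
    for (size_t i = 0; i < len; i++)
        seed += (i & 1) ? buf[i] : (uint32_t)buf[i] << 8;
    while (seed >> 16)
        seed = (seed & 0xffff) + (seed >> 16);
    return (uint16_t)seed;
}

/* Clamp the MSS option of a SYN to max_mss; tcp points at the TCP header.
 * Returns the old MSS if rewritten, 0 if untouched, -1 if malformed. */
int tcp_clamp_mss(uint8_t *tcp, size_t len, uint16_t max_mss)
{
    size_t hlen = len >= 20 ? (size_t)(tcp[12] >> 4) * 4 : 0;
    if (hlen < 20 || hlen > len)
        return -1;
    if (!(tcp[13] & 0x02))              /* MSS is only carried on a SYN */
        return 0;
    for (size_t i = 20; i < hlen && tcp[i] != 0; ) {   /* 0 = end of list */
        size_t olen = 1;                /* kind 1 (NOP) has no length byte */
        if (tcp[i] != 1) {
            olen = i + 1 < hlen ? tcp[i + 1] : 0;
            if (olen < 2 || i + olen > hlen)
                return -1;
        }
        if (tcp[i] == 2 && olen == 4) {
            uint16_t old = (uint16_t)(tcp[i + 2] << 8 | tcp[i + 3]);
            if (old <= max_mss)
                return 0;
            /* RFC 1624: HC' = ~(~HC + ~m + m'), m and m' being the aligned
             * words holding the value (two words at an odd offset). */
            size_t a = (i + 2) & ~(size_t)1, n = (i & 1) ? 4 : 2;
            uint32_t acc = (uint16_t)~sum16(tcp + 16, 2, 0);
            acc += (uint16_t)~sum16(tcp + a, n, 0);
            tcp[i + 2] = (uint8_t)(max_mss >> 8);
            tcp[i + 3] = (uint8_t)(max_mss & 0xff);
            uint16_t c = (uint16_t)~sum16(tcp + a, n, acc);
            tcp[16] = (uint8_t)(c >> 8);
            tcp[17] = (uint8_t)(c & 0xff);
            return old;
        }
        i += olen;
    }
    return 0;
}
```

A segment whose checksum was valid before the rewrite still sums to 0xffff afterwards, including when NOP padding puts the MSS value at an odd offset.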