NG_TCPMSS(4) | Device Drivers Manual | NG_TCPMSS(4) |
ng_tcpmss — netgraph node to adjust TCP MSS option

    #include <netgraph.h>
    #include <netgraph/ng_tcpmss.h>

The tcpmss node type is designed to alter the Maximum Segment Size option of TCP packets. This node accepts an arbitrary number of hooks. Initially a new hook is considered unconfigured. The NGM_TCPMSS_CONFIG control message is used to configure a hook.

This node type supports the generic control messages, plus the following.

NGM_TCPMSS_CONFIG (config)

    struct ng_tcpmss_config {
        char     inHook[NG_HOOKSIZ];
        char     outHook[NG_HOOKSIZ];
        uint16_t maxMSS;
    };

    Packets received on inHook are checked for a TCP MSS option, and if its value exceeds maxMSS it is reduced to maxMSS. The packets are then sent out on hook outHook.

NGM_TCPMSS_GET_STATS (getstats)

    struct ng_tcpmss_hookstat {
        uint64_t Octets;     /* total bytes */
        uint64_t Packets;    /* total packets */
        uint16_t maxMSS;     /* maximum MSS */
        uint64_t SYNPkts;    /* TCP SYN packets */
        uint64_t FixedPkts;  /* changed packets */
    };

NGM_TCPMSS_CLR_STATS (clrstats)

NGM_TCPMSS_GETCLR_STATS (getclrstats)

In the following example, packets are injected into the tcpmss node using the ng_ipfw(4) node.

    # Create tcpmss node and connect it to ng_ipfw node
    ngctl mkpeer ipfw: tcpmss 100 qqq

    # Adjust MSS to 1452
    ngctl msg ipfw:100 config '{ inHook="qqq" outHook="qqq" maxMSS=1452 }'

    # Divert traffic into tcpmss node
    ipfw add 300 netgraph 100 tcp from any to any tcpflags syn out via fxp0

    # Let packets continue with ipfw after being hacked
    sysctl net.inet.ip.fw.one_pass=0

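The rewrite that the config message describes (lower the MSS option to maxMSS when it exceeds it) is shown here in user-space C. This is an added example, not the ng_tcpmss source: the names csum16, swap16, csum_fixup and clamp_mss are hypothetical, the TCP checksum is patched incrementally per RFC 1624, and csum16 exists only to check the result over a header-only segment.

```c
#include <stddef.h>
#include <stdint.h>

/* One's-complement checksum of an even-length buffer; 0 = stored sum verifies. */
uint16_t csum16(const uint8_t *buf, size_t len) {
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < len; i += 2) s += (uint32_t)(buf[i] << 8 | buf[i + 1]);
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

static uint16_t swap16(uint16_t v) { return (uint16_t)(v << 8 | v >> 8); }

/* RFC 1624 incremental update: HC' = ~(~HC + ~m + m'). */
static uint16_t csum_fixup(uint16_t hc, uint16_t m, uint16_t m_new) {
    uint32_t s = (uint32_t)(uint16_t)~hc + (uint16_t)~m + m_new;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* tcp: TCP header plus options, len bytes. Returns 1 if the MSS option was
 * lowered to max_mss, 0 if left untouched, -1 if the options are malformed. */
int clamp_mss(uint8_t *tcp, size_t len, uint16_t max_mss) {
    if (len < 20) return -1;
    size_t hlen = (size_t)(tcp[12] >> 4) * 4;        /* data offset, in bytes */
    if (hlen < 20 || hlen > len) return -1;
    if (!(tcp[13] & 0x02)) return 0;                 /* MSS only appears on SYN */
    for (size_t i = 20; i < hlen; ) {
        uint8_t kind = tcp[i];
        if (kind == 0) break;                        /* end of option list */
        if (kind == 1) { i++; continue; }            /* NOP padding */
        size_t olen = (i + 1 < hlen) ? tcp[i + 1] : 0;
        if (olen < 2 || i + olen > hlen) return -1;  /* bogus or truncated length */
        if (kind == 2) {                             /* MSS: kind, length 4, value */
            if (olen != 4) return -1;
            uint16_t mss = (uint16_t)(tcp[i + 2] << 8 | tcp[i + 3]);
            if (mss <= max_mss) return 0;
            uint16_t hc = (uint16_t)(tcp[16] << 8 | tcp[17]);
            int odd = (i + 2) & 1;   /* odd offset: value straddles two sum words */
            hc = csum_fixup(hc, odd ? swap16(mss) : mss, odd ? swap16(max_mss) : max_mss);
            tcp[i + 2] = (uint8_t)(max_mss >> 8); tcp[i + 3] = (uint8_t)max_mss;
            tcp[16] = (uint8_t)(hc >> 8);         tcp[17] = (uint8_t)hc;
            return 1;
        }
        i += olen;
    }
    return 0;
}
```

Because the update is incremental, it stays correct for a real segment whose checksum also covers the pseudo-header and payload; those words are unchanged and never need to be re-read.
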
This node shuts down upon receipt of an NGM_SHUTDOWN control message, or when all hooks have been disconnected.

The ng_tcpmss node type was implemented in FreeBSD 6.0.

Alexey Popov <lollypop@flexuser.ru>
Gleb Smirnoff <glebius@FreeBSD.org>

When running on SMP, system statistics may be broken.
June 9, 2005 | Debian |