Stefan Lambrev wrote:
Ermal Luçi wrote:
On Tue, May 27, 2008 at 8:04 PM, Stefan Lambrev <[EMAIL PROTECTED]> wrote:
Greetings,

Alexander Motin wrote:
Stefan Lambrev wrote:
Yes, You can with ng_tcpmss
Isn't it doable only with ipfw/divert when using ng_tcpmss?
I have some concerns about performance too ..
There are several ways to inject packets into ng_tcpmss:
- ipfw + divert + ng_ksocket. It should be faster than the usual user-level implementation
- ipfw + netgraph as described in ng_tcpmss(4)
- use ng_tcpmss directly in some complicated netgraph setup. For example, mpd is able to use it. This is probably the fastest and easiest way, but only for some setups.
Thanks for all ideas.
I think I'll try the route -mtu feature.
Looks easier to implement and test. :)
Anyway it will be good if we have such a feature in the base system.
It shouldn't be very difficult? :)

--

Actually converting ng_tcpmss to pfil(9) should be easy.
I'm thinking about adding additional checks in tcp_mss() and tcp_mssopt() - both in sys/netinet/tcp_input.c
plus two sysctl entries for max mss and max mss IPv6.
Does it sound like a reasonable solution or am I missing something?

Doesn't make sense.  You have to differentiate between selecting the
MSS for a connection that terminates/originates locally vs. one that
just passed through the machine.

Local connections observe the MTU setting on the interface and the
routing table entries (tcp_maxmtu()).  So you can either reduce the
interface MTU or adjust the MTU on your default route and everything
will work as expected.  There is no need for yet another sysctl or
other extensions to tcp_mssopt().

For connections passing through the machine we don't have a direct
equivalent to Cisco IOS ip tcp mss-fixup.  Only work-arounds via some
other methods, daemon or kernel module exist.  It would make sense
to implement that as an option into ipfw (and pf via OpenBSD).

P.S. One of the things that bothers me is that pf uses its own pf_get_mss() and pf_calc_mss()
and they should be fixed accordingly?

--
Andre
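
What an MSS fixup for connections passing through the machine has to do to each forwarded SYN, as an added example (not code from this thread, ng_tcpmss, ipfw or pf): lower the MSS option in place and patch the TCP checksum incrementally. The names clamp_mss, csum_fixup and tcp_csum are hypothetical, and tcp_csum leaves out the pseudo-header because it is only used to check the incremental update.

```c
#include <stddef.h>
#include <stdint.h>

/* Full Internet checksum over len bytes (pseudo-header omitted, see lead-in). */
uint16_t tcp_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += (i & 1) ? p[i] : (uint32_t)p[i] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* RFC 1624 incremental update: one 16-bit word changes from old_w to new_w. */
static uint16_t csum_fixup(uint16_t csum, uint16_t old_w, uint16_t new_w)
{
    uint32_t sum = (uint32_t)(uint16_t)~csum + (uint16_t)~old_w + new_w;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Clamp the MSS option of a forwarded SYN in place. tcp points at the TCP
 * header. Returns 1 if rewritten, 0 if left alone, -1 if options are malformed. */
int clamp_mss(uint8_t *tcp, size_t len, uint16_t max_mss)
{
    size_t hlen = len < 20 ? 0 : (size_t)(tcp[12] >> 4) * 4;
    if (hlen < 20 || hlen > len) return -1;
    if (!(tcp[13] & 0x02)) return 0;            /* MSS only appears on SYN */
    for (size_t i = 20; i < hlen; ) {
        if (tcp[i] == 0) break;                 /* end of option list */
        if (tcp[i] == 1) { i++; continue; }     /* NOP padding */
        size_t olen = (i + 1 < hlen) ? tcp[i + 1] : 0;
        if (olen < 2 || i + olen > hlen) return -1;
        if (tcp[i] == 2) {                      /* MSS option */
            if (olen != 4) return -1;
            uint16_t old = (uint16_t)(tcp[i + 2] << 8 | tcp[i + 3]), nw = max_mss;
            if (old <= max_mss) return 0;       /* never raise the sender's MSS */
            tcp[i + 2] = max_mss >> 8; tcp[i + 3] = max_mss & 0xff;
            if (i & 1) {                        /* odd offset: value straddles two words */
                old = (uint16_t)(old << 8 | old >> 8);
                nw = (uint16_t)(nw << 8 | nw >> 8);
            }
            uint16_t c = csum_fixup((uint16_t)(tcp[16] << 8 | tcp[17]), old, nw);
            tcp[16] = c >> 8; tcp[17] = c & 0xff;
            return 1;
        }
        i += olen;
    }
    return 0;
}
```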

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"