Ermal Luçi wrote:
On Tue, May 27, 2008 at 8:04 PM, Stefan Lambrev
<[EMAIL PROTECTED]> wrote:
Greetings,
Alexander Motin wrote:
Stefan Lambrev wrote:
Yes, You can with ng_tcpmss
Isn't it doable only with ipfw/divert when using ng_tcpmss?
I have and some concerns about performance too ..
There are several ways to inject packet to ng_tcpmss:
- ipfw + divert + ng_ksocket. It should be faster then usual user-level
implementation
- ipfw + netgraph as described in ng_tcpmss(4)
- use ng_tcpmss directly in some complicated netgraph setup. For example,
mpd is able to use it. This is probably the fastest and easiest way, but
only for some setups.
Thanks for all ideas.
I think I'll try the route -mtu feature.
Looks like easier for implementation and testing. :)
Anyway it will be good if we have such feature in the base system.
It shouldn't be very difficult? :)
--
Actually converting ng_tcpmss to pfil(9) should be easy.
I'm thinking about adding additional checks in tcp_mss() and
tcp_mssopt() - both in sys/netinet/tcp_input.c
plus two sysctl entries for max mss and max mss IPv6.
Does it sound like a reasonable solution or I'm missing something?
P.S. One of the things that bothers me is that pf uses it's own
pf_get_mss() and pf_calc_mss()
and they should be fixed accordingly?
--
Best Wishes,
Stefan Lambrev
ICQ# 24134177
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
