GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
TCPMSSD(8) FreeBSD System Manager's Manual TCPMSSD(8)

tcpmssd
TCP Maximum Segment Size option corrector

tcpmssd [-bv] -p port {-i iface | -m mtu}

The tcpmssd utility adjusts TCP SYN packets so that the maximum receive segment size is not greater than the amount allowed by the interface's MTU.

This is necessary in many setups to avoid problems caused by routers that drop ICMP “Datagram Too Big” messages, thus breaking the Path MTU Discovery algorithm (RFC 1191). Without these messages, the originating machine sends data, it passes the rogue router then hits a machine that has an MTU that is not big enough for the data. Because the IP “don't fragment” option is set, this machine sends an ICMP “Datagram Too Big” message back to the originator and drops the packet. The rogue router drops the ICMP and the originator never gets to discover that it must reduce the Path MTU value or exclude the IP “don't fragment” option from its outgoing data.

The tcpmssd utility normally runs in the background as a daemon. It intercepts TCP packets from a divert(4) socket bound to the port specified with the -p option and reduces the value of TCP MSS option if necessary so that the incoming TCP messages will pass through this host without need to send ICMP “Datagram Too Big” messages.

The maximum value for the TCP MSS option is determined based on an MTU given either as an absolute value with the -m option or derived from a network interface specified with the -i option.

If run with the -b option, tcpmssd will attempt to update the TCP MSS option on both incoming and outgoing TCP segments, as delivered on the divert(4) socket. By default, only outgoing TCP segments are examined.

If run with the -v option, tcpmssd does not detach from its controlling terminal and writes various diagnostic messages to the standard error output.

The following steps are necessary to run tcpmssd:

  1. Build your kernel with the following options:
    options IPFIREWALL
    options IPDIVERT
        

    Refer to the Handbook for detailed instructions on building a custom kernel.

  2. Make sure to redirect TCP traffic to the divert(4) port port. Refer to the ipfw(8) manual page for details.

divert(4), ipfw(8)

This program was written by Ruslan Ermilov ⟨ru@FreeBSD.org⟩ based on work done by Patrick Bihan-Faou ⟨patrick@mindstep.com⟩.
June 11, 2004 FreeBSD 13.1-RELEASE

Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.