Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
TCPMSSD(8)		    System Manager's Manual		    TCPMSSD(8)

NAME
       tcpmssd -- TCP Maximum Segment Size option corrector

SYNOPSIS
       tcpmssd [-bv] -p	port {-i iface | -m mtu}

DESCRIPTION
       The tcpmssd utility adjusts TCP SYN packets so that the maximum receive
       segment	size is	not greater than the amount allowed by the interface's
       MTU.

       This is necessary in many setups	to avoid problems  caused  by  routers
       that  drop ICMP "Datagram Too Big" messages, thus breaking the Path MTU
       Discovery algorithm (RFC	1191).	Without	these messages,	the  originat-
       ing  machine sends data,	it passes the rogue router then	hits a machine
       that has	an MTU that is not big enough for the data.   Because  the  IP
       "don't  fragment"  option  is set, this machine sends an	ICMP "Datagram
       Too Big"	message	back to	the originator	and  drops  the	 packet.   The
       rogue  router  drops the	ICMP and the originator	never gets to discover
       that it must reduce the	Path  MTU  value  or  exclude  the  IP	"don't
       fragment" option	from its outgoing data.

       The  tcpmssd  utility  normally runs in the background as a daemon.  It
       intercepts TCP packets from a divert(4) socket bound to the port	speci-
       fied with the -p	option and reduces the value of	TCP MSS	option if nec-
       essary so that the incoming TCP messages	will pass  through  this  host
       without need to send ICMP "Datagram Too Big" messages.

       The  maximum value for the TCP MSS option is determined based on	an MTU
       given either as an absolute value with the -m option or derived from  a
       network interface specified with	the -i option.

       If  run	with the -b option, tcpmssd will attempt to update the TCP MSS
       option on both incoming and outgoing TCP	segments, as delivered on  the
       divert(4) socket.  By default, only outgoing TCP	segments are examined.

       If run with the -v option, tcpmssd does not detach from its controlling
       terminal	 and  writes various diagnostic	messages to the	standard error
       output.

       The following steps are necessary to run	tcpmssd:

       1.   Build your kernel with the following options:

		  options IPFIREWALL
		  options IPDIVERT

	    Refer to the Handbook for detailed instructions on building	a cus-
	    tom	kernel.

       2.   Make sure to redirect TCP traffic to the divert(4) port port.  Re-
	    fer	to the ipfw(8) manual page for details.

SEE ALSO
       divert(4), ipfw(8)

AUTHORS
       This program was	written	by Ruslan Ermilov  <ru@FreeBSD.org>  based  on
       work done by Patrick Bihan-Faou <patrick@mindstep.com>.

FreeBSD	Ports 14.quarterly	 June 11, 2004			    TCPMSSD(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=tcpmssd&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>

home | help