NAME
ng_tcpmss — netgraph node to adjust TCP MSS optionSYNOPSIS
#include <netgraph.h>#include <netgraph/ng_tcpmss.h>
DESCRIPTION
The tcpmss node type is designed to alter the Maximum Segment Size option of TCP packets. This node accepts an arbitrary number of hooks. Initially a new hook is considered unconfigured. TheNG_TCPMSS_CONFIG control message is used to
configure a hook.
CONTROL MESSAGES
This node type supports the generic control messages, plus the following.-
NGM_TCPMSS_CONFIG(config) - This control message configures node to do given MSS adjusting on a particular hook. It requires the struct ng_tcpmss_config to be supplied as an argument: This means: packets received on inHook would be checked for TCP MSS option and the latter would be reduced down to maxMSS if it exceeds maxMSS. After that, packets would be sent to hook outHook.
-
NGM_TCPMSS_GET_STATS(getstats) - This control message obtains statistics for a given hook. The statistics are returned in struct ng_tcpmss_hookstat:
-
NGM_TCPMSS_CLR_STATS(clrstats) - This control message clears statistics for a given hook.
-
NGM_TCPMSS_GETCLR_STATS(getclrstats) - This control message obtains and clears statistics for a given hook.
EXAMPLES
In the following example, packets are injected into the tcpmss node using the ng_ipfw(4) node.
# Create tcpmss node and connect it to ng_ipfw node
ngctl mkpeer ipfw: tcpmss 100 qqq
# Adjust MSS to 1452
ngctl msg ipfw:100 config '{ inHook="qqq" outHook="qqq" maxMSS=1452 }'
# Divert traffic into tcpmss node
ipfw add 300 netgraph 100 tcp from any to any tcpflags syn out via fxp0
# Let packets continue with ipfw after being hacked
sysctl net.inet.ip.fw.one_pass=0
SHUTDOWN
This node shuts down upon receipt of anNGM_SHUTDOWN control message, or when all
hooks have been disconnected.
SEE ALSO
netgraph(4), ng_ipfw(4)HISTORY
The ng_tcpmss node type was implemented in FreeBSD 6.0.AUTHORS
Alexey Popov <[email protected]>Gleb Smirnoff <[email protected]>
BUGS
When running on SMP, system statistics may be broken.| June 9, 2005 | Debian |