2005-06-10 08:44:19 +00:00
|
|
|
.\" Copyright (c) 2005 Gleb Smirnoff
|
|
|
|
.\" All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
.\" SUCH DAMAGE.
|
|
|
|
.\"
|
|
|
|
.\" $FreeBSD$
|
|
|
|
.\"
|
|
|
|
.Dd June 9, 2005
|
|
|
|
.Dt NG_TCPMSS 4
|
|
|
|
.Os
|
|
|
|
.Sh NAME
|
|
|
|
.Nm ng_tcpmss
|
2005-06-16 18:46:17 +00:00
|
|
|
.Nd "netgraph node to adjust TCP MSS option"
|
2005-06-10 08:44:19 +00:00
|
|
|
.Sh SYNOPSIS
|
2005-06-16 18:46:17 +00:00
|
|
|
.In netgraph.h
|
2005-06-10 08:44:19 +00:00
|
|
|
.In netgraph/ng_tcpmss.h
|
|
|
|
.Sh DESCRIPTION
|
|
|
|
The
|
|
|
|
.Nm tcpmss
|
|
|
|
node type is designed to alter the Maximum Segment Size option
|
|
|
|
of TCP packets.
|
|
|
|
This node accepts an arbitrary number of hooks.
|
|
|
|
Initially a new hook is considered unconfigured.
|
2005-06-16 18:46:17 +00:00
|
|
|
The
|
2005-06-10 08:44:19 +00:00
|
|
|
.Dv NG_TCPMSS_CONFIG
|
2005-06-16 18:46:17 +00:00
|
|
|
control message is used to configure a hook.
|
2005-06-10 08:44:19 +00:00
|
|
|
.Sh CONTROL MESSAGES
|
|
|
|
This node type supports the generic control messages, plus the following.
|
2012-11-13 20:41:36 +00:00
|
|
|
.Bl -tag -width foo
|
|
|
|
.It Dv NGM_TCPMSS_CONFIG Pq Ic config
|
2005-06-10 08:44:19 +00:00
|
|
|
This control message configures node to do given MSS adjusting on
|
2005-06-16 18:46:17 +00:00
|
|
|
a particular hook.
|
2005-06-10 08:44:19 +00:00
|
|
|
It requires the
|
|
|
|
.Vt "struct ng_tcpmss_config"
|
2005-06-16 18:46:17 +00:00
|
|
|
to be supplied as an argument:
|
2005-06-10 08:44:19 +00:00
|
|
|
.Bd -literal
|
|
|
|
struct ng_tcpmss_config {
|
|
|
|
char inHook[NG_HOOKSIZ];
|
|
|
|
char outHook[NG_HOOKSIZ];
|
|
|
|
uint16_t maxMSS;
|
|
|
|
}
|
|
|
|
.Ed
|
|
|
|
.Pp
|
|
|
|
This means: packets received on
|
2005-06-16 18:46:17 +00:00
|
|
|
.Va inHook
|
2005-06-10 08:44:19 +00:00
|
|
|
would be checked for TCP MSS option and the latter would be
|
|
|
|
reduced down to
|
2005-06-16 18:46:17 +00:00
|
|
|
.Va maxMSS
|
2005-06-10 08:44:19 +00:00
|
|
|
if it exceeds
|
2005-06-16 18:46:17 +00:00
|
|
|
.Va maxMSS .
|
|
|
|
After that, packets would be sent to hook
|
|
|
|
.Va outHook .
|
2012-11-13 20:41:36 +00:00
|
|
|
.It Dv NGM_TCPMSS_GET_STATS Pq Ic getstats
|
2005-06-16 18:46:17 +00:00
|
|
|
This control message obtains statistics for a given hook.
|
2005-06-10 08:44:19 +00:00
|
|
|
The statistics are returned in
|
|
|
|
.Vt "struct ng_tcpmss_hookstat" :
|
|
|
|
.Bd -literal
|
|
|
|
struct ng_tcpmss_hookstat {
|
|
|
|
uint64_t Octets; /* total bytes */
|
|
|
|
uint64_t Packets; /* total packets */
|
|
|
|
uint16_t maxMSS; /* maximum MSS */
|
|
|
|
uint64_t SYNPkts; /* TCP SYN packets */
|
|
|
|
uint64_t FixedPkts; /* changed packets */
|
|
|
|
};
|
|
|
|
.Ed
|
2012-11-13 20:41:36 +00:00
|
|
|
.It Dv NGM_TCPMSS_CLR_STATS Pq Ic clrstats
|
2005-06-16 18:46:17 +00:00
|
|
|
This control message clears statistics for a given hook.
|
2012-11-13 20:41:36 +00:00
|
|
|
.It Dv NGM_TCPMSS_GETCLR_STATS Pq Ic getclrstats
|
2005-06-16 18:46:17 +00:00
|
|
|
This control message obtains and clears statistics for a given hook.
|
2005-06-10 08:44:19 +00:00
|
|
|
.El
|
|
|
|
.Sh EXAMPLES
|
2005-06-16 18:46:17 +00:00
|
|
|
In the following example, packets are injected into the
|
|
|
|
.Nm tcpmss
|
|
|
|
node using the
|
2005-06-10 08:44:19 +00:00
|
|
|
.Xr ng_ipfw 4
|
|
|
|
node.
|
|
|
|
.Bd -literal -offset indent
|
|
|
|
# Create tcpmss node and connect it to ng_ipfw node
|
|
|
|
ngctl mkpeer ipfw: tcpmss 100 qqq
|
|
|
|
|
2005-06-16 18:46:17 +00:00
|
|
|
# Adjust MSS to 1452
|
2005-06-10 08:44:19 +00:00
|
|
|
ngctl msg ipfw:100 config '{ inHook="qqq" outHook="qqq" maxMSS=1452 }'
|
|
|
|
|
|
|
|
# Divert traffic into tcpmss node
|
|
|
|
ipfw add 300 netgraph 100 tcp from any to any tcpflags syn out via fxp0
|
|
|
|
|
|
|
|
# Let packets continue with ipfw after being hacked
|
|
|
|
sysctl net.inet.ip.fw.one_pass=0
|
|
|
|
.Ed
|
|
|
|
.Sh SHUTDOWN
|
|
|
|
This node shuts down upon receipt of an
|
|
|
|
.Dv NGM_SHUTDOWN
|
|
|
|
control message, or when all hooks have been disconnected.
|
|
|
|
.Sh SEE ALSO
|
|
|
|
.Xr netgraph 4 ,
|
|
|
|
.Xr ng_ipfw 4
|
|
|
|
.Sh HISTORY
|
|
|
|
The
|
|
|
|
.Nm
|
|
|
|
node type was implemented in
|
|
|
|
.Fx 6.0 .
|
|
|
|
.Sh AUTHORS
|
|
|
|
.An Alexey Popov Aq lollypop@flexuser.ru
|
|
|
|
.An Gleb Smirnoff Aq glebius@FreeBSD.org
|
|
|
|
.Sh BUGS
|
2005-06-16 18:46:17 +00:00
|
|
|
When running on SMP, system statistics may be broken.
|