1c604c876SGleb Smirnoff.\" Copyright (c) 2005 Gleb Smirnoff 2c604c876SGleb Smirnoff.\" All rights reserved. 3c604c876SGleb Smirnoff.\" 4c604c876SGleb Smirnoff.\" Redistribution and use in source and binary forms, with or without 5c604c876SGleb Smirnoff.\" modification, are permitted provided that the following conditions 6c604c876SGleb Smirnoff.\" are met: 7c604c876SGleb Smirnoff.\" 1. Redistributions of source code must retain the above copyright 8c604c876SGleb Smirnoff.\" notice, this list of conditions and the following disclaimer. 9c604c876SGleb Smirnoff.\" 2. Redistributions in binary form must reproduce the above copyright 10c604c876SGleb Smirnoff.\" notice, this list of conditions and the following disclaimer in the 11c604c876SGleb Smirnoff.\" documentation and/or other materials provided with the distribution. 12c604c876SGleb Smirnoff.\" 13c604c876SGleb Smirnoff.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14c604c876SGleb Smirnoff.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15c604c876SGleb Smirnoff.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16c604c876SGleb Smirnoff.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17c604c876SGleb Smirnoff.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18c604c876SGleb Smirnoff.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19c604c876SGleb Smirnoff.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20c604c876SGleb Smirnoff.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21c604c876SGleb Smirnoff.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22c604c876SGleb Smirnoff.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23c604c876SGleb Smirnoff.\" SUCH DAMAGE. 24c604c876SGleb Smirnoff.\" 25c604c876SGleb Smirnoff.\" $FreeBSD$ 26c604c876SGleb Smirnoff.\" 27c604c876SGleb Smirnoff.Dd June 9, 2005 28c604c876SGleb Smirnoff.Dt NG_TCPMSS 4 29c604c876SGleb Smirnoff.Os 30c604c876SGleb Smirnoff.Sh NAME 31c604c876SGleb Smirnoff.Nm ng_tcpmss 32a4be0b3cSRuslan Ermilov.Nd "netgraph node to adjust TCP MSS option" 33c604c876SGleb Smirnoff.Sh SYNOPSIS 34a4be0b3cSRuslan Ermilov.In netgraph.h 35c604c876SGleb Smirnoff.In netgraph/ng_tcpmss.h 36c604c876SGleb Smirnoff.Sh DESCRIPTION 37c604c876SGleb SmirnoffThe 38c604c876SGleb Smirnoff.Nm tcpmss 39c604c876SGleb Smirnoffnode type is designed to alter the Maximum Segment Size option 40c604c876SGleb Smirnoffof TCP packets. 41c604c876SGleb SmirnoffThis node accepts an arbitrary number of hooks. 42c604c876SGleb SmirnoffInitially a new hook is considered unconfigured. 43a4be0b3cSRuslan ErmilovThe 44c604c876SGleb Smirnoff.Dv NG_TCPMSS_CONFIG 45a4be0b3cSRuslan Ermilovcontrol message is used to configure a hook. 46c604c876SGleb Smirnoff.Sh CONTROL MESSAGES 47c604c876SGleb SmirnoffThis node type supports the generic control messages, plus the following. 48*c60bda17SJoel Dahl.Bl -tag -width foo 49*c60bda17SJoel Dahl.It Dv NGM_TCPMSS_CONFIG Pq Ic config 50c604c876SGleb SmirnoffThis control message configures node to do given MSS adjusting on 51a4be0b3cSRuslan Ermilova particular hook. 52c604c876SGleb SmirnoffIt requires the 53c604c876SGleb Smirnoff.Vt "struct ng_tcpmss_config" 54a4be0b3cSRuslan Ermilovto be supplied as an argument: 55c604c876SGleb Smirnoff.Bd -literal 56c604c876SGleb Smirnoffstruct ng_tcpmss_config { 57c604c876SGleb Smirnoff char inHook[NG_HOOKSIZ]; 58c604c876SGleb Smirnoff char outHook[NG_HOOKSIZ]; 59c604c876SGleb Smirnoff uint16_t maxMSS; 60c604c876SGleb Smirnoff} 61c604c876SGleb Smirnoff.Ed 62c604c876SGleb Smirnoff.Pp 63c604c876SGleb SmirnoffThis means: packets received on 64a4be0b3cSRuslan Ermilov.Va inHook 65c604c876SGleb Smirnoffwould be checked for TCP MSS option and the latter would be 66c604c876SGleb Smirnoffreduced down to 67a4be0b3cSRuslan Ermilov.Va maxMSS 68c604c876SGleb Smirnoffif it exceeds 69a4be0b3cSRuslan Ermilov.Va maxMSS . 70a4be0b3cSRuslan ErmilovAfter that, packets would be sent to hook 71a4be0b3cSRuslan Ermilov.Va outHook . 72*c60bda17SJoel Dahl.It Dv NGM_TCPMSS_GET_STATS Pq Ic getstats 73a4be0b3cSRuslan ErmilovThis control message obtains statistics for a given hook. 74c604c876SGleb SmirnoffThe statistics are returned in 75c604c876SGleb Smirnoff.Vt "struct ng_tcpmss_hookstat" : 76c604c876SGleb Smirnoff.Bd -literal 77c604c876SGleb Smirnoffstruct ng_tcpmss_hookstat { 78c604c876SGleb Smirnoff uint64_t Octets; /* total bytes */ 79c604c876SGleb Smirnoff uint64_t Packets; /* total packets */ 80c604c876SGleb Smirnoff uint16_t maxMSS; /* maximum MSS */ 81c604c876SGleb Smirnoff uint64_t SYNPkts; /* TCP SYN packets */ 82c604c876SGleb Smirnoff uint64_t FixedPkts; /* changed packets */ 83c604c876SGleb Smirnoff}; 84c604c876SGleb Smirnoff.Ed 85*c60bda17SJoel Dahl.It Dv NGM_TCPMSS_CLR_STATS Pq Ic clrstats 86a4be0b3cSRuslan ErmilovThis control message clears statistics for a given hook. 87*c60bda17SJoel Dahl.It Dv NGM_TCPMSS_GETCLR_STATS Pq Ic getclrstats 88a4be0b3cSRuslan ErmilovThis control message obtains and clears statistics for a given hook. 89c604c876SGleb Smirnoff.El 90c604c876SGleb Smirnoff.Sh EXAMPLES 91a4be0b3cSRuslan ErmilovIn the following example, packets are injected into the 92a4be0b3cSRuslan Ermilov.Nm tcpmss 93a4be0b3cSRuslan Ermilovnode using the 94c604c876SGleb Smirnoff.Xr ng_ipfw 4 95c604c876SGleb Smirnoffnode. 96c604c876SGleb Smirnoff.Bd -literal -offset indent 97c604c876SGleb Smirnoff# Create tcpmss node and connect it to ng_ipfw node 98c604c876SGleb Smirnoffngctl mkpeer ipfw: tcpmss 100 qqq 99c604c876SGleb Smirnoff 100c604c876SGleb Smirnoff# Adjust MSS to 1452 101c604c876SGleb Smirnoffngctl msg ipfw:100 config '{ inHook="qqq" outHook="qqq" maxMSS=1452 }' 102c604c876SGleb Smirnoff 103c604c876SGleb Smirnoff# Divert traffic into tcpmss node 104c604c876SGleb Smirnoffipfw add 300 netgraph 100 tcp from any to any tcpflags syn out via fxp0 105c604c876SGleb Smirnoff 106c604c876SGleb Smirnoff# Let packets continue with ipfw after being hacked 107c604c876SGleb Smirnoffsysctl net.inet.ip.fw.one_pass=0 108c604c876SGleb Smirnoff.Ed 109c604c876SGleb Smirnoff.Sh SHUTDOWN 110c604c876SGleb SmirnoffThis node shuts down upon receipt of an 111c604c876SGleb Smirnoff.Dv NGM_SHUTDOWN 112c604c876SGleb Smirnoffcontrol message, or when all hooks have been disconnected. 113c604c876SGleb Smirnoff.Sh SEE ALSO 114c604c876SGleb Smirnoff.Xr netgraph 4 , 115c604c876SGleb Smirnoff.Xr ng_ipfw 4 116c604c876SGleb Smirnoff.Sh HISTORY 117c604c876SGleb SmirnoffThe 118c604c876SGleb Smirnoff.Nm 119c604c876SGleb Smirnoffnode type was implemented in 120c604c876SGleb Smirnoff.Fx 6.0 . 121c604c876SGleb Smirnoff.Sh AUTHORS 122c604c876SGleb Smirnoff.An Alexey Popov Aq lollypop@flexuser.ru 123c604c876SGleb Smirnoff.An Gleb Smirnoff Aq glebius@FreeBSD.org 124c604c876SGleb Smirnoff.Sh BUGS 125a4be0b3cSRuslan ErmilovWhen running on SMP, system statistics may be broken. 126