Modifying TCP MSS values in the Linux kernel __linux

Mtu:maxitum Transmission Unit Maximum transmission units

Mss:maxitum Segment Size Maximum segment sizes

The acronym for the maximum transmission size of MSS is a concept within the TCP protocol.
MSS is the maximum data fragment that TCP packets can transmit at a time. In order to achieve the best transmission effectiveness TCP protocol usually negotiates the MSS value of both sides when establishing a connection, this value TCP protocol often replaces with MTU value (need to subtract the size of the IP packet header 20Bytes and the header 20Bytes of TCP data segment) The two sides of the communication will determine the maximum MSS value for this connection based on the MSS provided by the two sides worth the minimum value.

The general Ethernet MTU is 1500, so in Ethernet, TCP MSS is often 1460.

The specific process of negotiating TCP MSS size is as follows:
The TCP client emits a SYN message in which the MSS field filled with option options is typically (Mtu-ip header size-tcp header size), and the same TCP server sends a SYN+ACK message response after it receives a SYN message, and the MSS field populated with option options is also (Mtu-ip head size-tcp); The negotiators will compare the MSS field size in the SYN and Syn+ack messages and select a smaller MSS as the size of the TCP fragment to send.

For networks involving Pppoe+nat, IPSEC, L2TP, GRE, and so on, usually because the message is too large need fragmentation, this will reduce the transmission rate; So choosing a suitable MSS is more important for transferring data. In Linux, the TCP MSS can generally be set up by NetFilter iptables to resolve.

iptables-a forward-p tcp--tcp-flags syn,rst syn-j tcpmss--clamp-mss-to-pmtu


The purpose of this rule is to change the TCP MSS to accommodate PMTU (Path MTU)




iptables-a forward-p tcp--tcp-flags syn,rst syn-j TCPMSS--SET-MSS 128

Set MSS to 128

Here is the code for modifying the TCP MSS in a section of the kernel:

Static inline u32 set_tcp_mss (struct sk_buff *pskb, struct TCPHDR *tcph, U16 MTU) {u32 optlen, I; U8 *op; U16 NEWMSS, Old MSs U8 *mss; if (!tcph->syn) return 0; Determine if it is a legitimate TCP option if (Tcph->doff*4 < sizeof (struct TCPHDR)) return 0; Optlen = tcph->doff*4-sizeof (struct TCPHDR); if (!optlen) return 0; Scan for MSS Option OP = ((u8*) tcph + sizeof (struct TCPHDR)); for (i = 0; i < Optlen;) {if (op[i] = = Tcpopt_mss && (optlen-i) >= tcpolen_mss && op[i+1] = = TCPOLEN_MSS) {u16 mssval;//new MSS = Htons (1356); OLDMSS = (Op[i+3] << 8) | OP[I+2]; Mssval = (op[i+2] << 8) | OP[I+3]; is less than mtu-(IPHDR + tcphdr) if (Mssval > mtu-40) {newmss = htons (mtu-52);} else {break;}//MSS = &ne WMSS; OP[I+2] = NEWMSS & 0xFF; OP[I+3] = (NEWMSS & 0xff00) >> 8; Compute checksum Inet_proto_csum_replace2 (&tcph->check, PSKB, Oldmss, NEWMSS, 0); Mssval = (op[i+2] << 8) | OP[I+3]; dprintf ("Change TCP MSS%d to%d/n", Ntohs (OLDMSS), mssval); Break } if (Op[i] < 2) i++; else i + = op[i+1]? : 1; return 0; }

Windows can use a tool to modify DRTCP http://www.dslreports.com/drtcp