Source-Changes-HG archive


[src/trunk]: src/share/man/man4 Add a paragraph about MSS clamping (refer



details:   https://anonhg.NetBSD.org/src/rev/fc2980b5eee1
branches:  trunk
changeset: 534085:fc2980b5eee1
user:      wiz <wiz%NetBSD.org@localhost>
date:      Mon Jul 15 22:03:00 2002 +0000

description:
Add a paragraph about MSS clamping (refer
        http://www.netbsd.org/Documentation/network/pppoe/ )
on request by billc and martin. Some minor fixes.

diffstat:

 share/man/man4/pppoe.4 |  85 ++++++++++++++++++++++++++++++++++++++++++-------
 1 files changed, 73 insertions(+), 12 deletions(-)

diffs (136 lines):

diff -r e56da5d3c57c -r fc2980b5eee1 share/man/man4/pppoe.4
--- a/share/man/man4/pppoe.4    Mon Jul 15 17:23:06 2002 +0000
+++ b/share/man/man4/pppoe.4    Mon Jul 15 22:03:00 2002 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: pppoe.4,v 1.9 2002/04/14 11:42:56 martin Exp $
+.\"    $NetBSD: pppoe.4,v 1.10 2002/07/15 22:03:00 wiz Exp $
 .\"
 .\" Copyright (c) 2002 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -34,7 +34,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd December 10, 2001
+.Dd July 15, 2002
 .Dt PPPOE 4
 .Os
 .Sh NAME
@@ -95,16 +95,16 @@
 This all is typically accomplished using an
 .Pa /etc/ifconfig.pppoe0
 file.
-.Sh IMPORTANT NOTE
+.Ss MSS/MTU problems
 If you are using a
 .Nm
-interface, you will have an unusual low MTU for todays internet.
+interface, you will have an unusual low MTU for todays Internet.
 Combined with a lot of misconfigured sites (host using path MTU discovery
 behind a router blocking all ICMP traffic) this will often cause problems.
 Connections to this servers will only work if your system advertises the
-right MSS in the TCP three way handshake. To get the right MSS, you need
-to set
-.Bd -literal
+right MSS in the TCP three way handshake.
+To get the right MSS, you need to set
+.Bd -literal -offset indent
 # Obey interface MTUs when calculating MSS
 net.inet.tcp.mss_ifmtu=1
 .Ed
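Review bot: The changed line in the "MSS/MTU problems" paragraph still reads "an unusual low MTU for todays Internet"; since the line is being touched anyway, make it "an unusually low MTU for today's Internet". The unchanged context line two below it, "Connections to this servers", has the same kind of slip ("these servers") and could be fixed in the same pass. The text here also writes "path MTU discovery" while the new subsection added later in this patch writes "Path-MTU-Discovery"; pick one spelling for the page.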
@@ -113,19 +113,79 @@
 .Pa /etc/sysctl.conf
 file.
 This causes the calculated MSS to be based on the MTU of the interface
-via which the packet is sent. This is always the right value if you are
-sure the answer to this packet will be received on the same interface
-(I.e. you only have one interface connected to the internet.)
+via which the packet is sent.
+This is always the right value if you are sure the answer to this packet
+will be received on the same interface (i.e., you only have one interface
+connected to the Internet.)
 .Pp
 Unfortunately this sysctl does not fix the MSS advertised by hosts in
 the network behind a
 .Nm
 connected router.
+.Ss Setting up NAT with MSS-clamping
+Some systems behind misconfigured firewalls try to use
+Path-MTU-Discovery, while their firewall blocks all ICMP messages.
+This is an illegal, but not uncommon, setup.
+Typically you will have no chance to fix this (remote, outside of your
+control) setup.
+And sometimes you will have to use such remote systems (to download
+data from them, or to do your online banking).
+.Pp
+Without special care systems as described above will not be able
+to send larger chunks of data to a system connected via
+.Nm "" .
+But there is a workaround (some may call it cheating): pretend to not
+be able to handle large packets, by sending a small MSS (maximum
+segment size) option during initial TCP handshake.
+.Pp
+For connections originating from your
+.Nm
+connected machines, this is accomplished by setting the sysctl
+variable
+.Dv net.inet.tcp.mss_ifmtu
+to 1, i.e., by adding this
+.Bd -literal -offset indent
+# Obey interface MTUs when calculating MSS
+net.inet.tcp.mss_ifmtu=1
+.Ed
+.Pp
+to
+.Pa /etc/sysctl.conf .
+For connections originating from systems behind your
+.Nm
+router, you need to set the
+.Dv mssclamp
+options in your NAT rules, like in this example of
+.Pa /etc/ipnat.conf :
+.Bd -literal -offset indent
+map pppoe0 192.168.1.0/24 -> 0/32 portmap tcp/udp 44000:49999 mssclamp 1452
+map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1452
+.Ed
+.Pp
+If you do not use NAT, you need to setup a 1:1 NAT rule, just to
+get the clamping:
+.Bd -literal -offset indent
+map pppoe0 x.x.x.x/24 -> 0/0 mssclamp 1452
+.Ed
+.Pp
+.Em Note :
+While the MSS of 1452 byte (as shown in the examples above) is the
+theoretically correct value (it accounts for the smaller
+.Nm
+MTU, the TCP header and the maximum of 0x40 bytes of TCP options), it
+seems to not be sufficient in some cases.
+Other
+.Nm
+implementations recommend clamping to 1412 byte MSS, and we have
+received reports that this actually helps in some situations.
+So if you have weird problems (like sessions to certain sites
+stalling), you might try using this even smaller value and see if it
+helps.
 .Sh EXAMPLES
 A typical
 .Pa /etc/ifconfig.pppoe0
 file looks like this:
-.Bd -literal
+.Bd -literal -offset indent
 create
 ! /sbin/ifconfig ne0 up
 ! /sbin/pppoectl -e ne0 $int
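Review bot: The arithmetic in the new Note does not match the value it explains. The Note says 1452 "accounts for the smaller pppoe MTU, the TCP header and the maximum of 0x40 bytes of TCP options", but 1452 is the 1492-byte PPPoE MTU minus a 20-byte IP header and a 20-byte TCP header, with no allowance for options, and the maximum TCP option space is 40 bytes decimal, not 0x40 (64). Suggest rewording to say the value accounts for the IP and TCP headers, and dropping the options clause or stating it as 40 bytes. Two smaller points in the same hunk: the sysctl display block is repeated verbatim from the "MSS/MTU problems" subsection, so a cross-reference would avoid two copies drifting apart, and the NAT examples use "-> 0/32" in the first block but "-> 0/0" in the 1:1 rule without saying why they differ.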
@@ -155,9 +215,10 @@
 and
 .Pa /etc/ppp/ip-down
 for this purpose, simply add
-.Bd -literal
+.Bd -literal -offset indent
 ifwatchd=YES
 .Ed
+.Pp
 to
 .Pa /etc/rc.conf .
 See
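Review bot: The added ".Pp" after ".Ed" puts a paragraph break in the middle of a sentence, because the text continues with "to /etc/rc.conf ." as the tail of "simply add". The same construct appears in the new subsection after the net.inet.tcp.mss_ifmtu block (".Ed", ".Pp", "to"). Either drop the ".Pp" in both places so the sentence resumes directly after the display, or reword so the sentence ends before the ".Bd" and the file name is given up front, for example "simply add this to /etc/rc.conf :" ahead of the display.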


