Provided by: freebsd-manpages_12.2-1_all bug

NAME
       ng_tcpmss — netgraph node to adjust TCP MSS option


SYNOPSIS
       #include <netgraph.h>
       #include <netgraph/ng_tcpmss.h>


DESCRIPTION
       The  tcpmss  node  type  is  designed to alter the Maximum Segment Size option of TCP packets.  This node
       accepts  an  arbitrary  number  of  hooks.   Initially  a  new  hook  is  considered  unconfigured.   The
       NG_TCPMSS_CONFIG control message is used to configure a hook.


CONTROL MESSAGES
       This node type supports the generic control messages, plus the following.

       NGM_TCPMSS_CONFIG (config)
            This  control  message  configures node to do given MSS adjusting on a particular hook.  It requires
            the struct ng_tcpmss_config to be supplied as an argument:

            struct ng_tcpmss_config {
                    char            inHook[NG_HOOKSIZ];
                    char            outHook[NG_HOOKSIZ];
                    uint16_t        maxMSS;
            }

            This means: packets received on inHook would be checked for TCP MSS option and the latter  would  be
            reduced down to maxMSS if it exceeds maxMSS.  After that, packets would be sent to hook outHook.

       NGM_TCPMSS_GET_STATS (getstats)
            This  control  message  obtains  statistics for a given hook.  The statistics are returned in struct
            ng_tcpmss_hookstat:

            struct ng_tcpmss_hookstat {
                    uint64_t        Octets;         /* total bytes */
                    uint64_t        Packets;        /* total packets */
                    uint16_t        maxMSS;         /* maximum MSS */
                    uint64_t        SYNPkts;        /* TCP SYN packets */
                    uint64_t        FixedPkts;      /* changed packets */
            };

       NGM_TCPMSS_CLR_STATS (clrstats)
            This control message clears statistics for a given hook.

       NGM_TCPMSS_GETCLR_STATS (getclrstats)
            This control message obtains and clears statistics for a given hook.


EXAMPLES
       In the following example, packets are injected into the tcpmss node using the ng_ipfw(4) node.

             # Create tcpmss node and connect it to ng_ipfw node
             ngctl mkpeer ipfw: tcpmss 100 qqq

             # Adjust MSS to 1452
             ngctl msg ipfw:100 config '{ inHook="qqq" outHook="qqq" maxMSS=1452 }'

             # Divert traffic into tcpmss node
             ipfw add 300 netgraph 100 tcp from any to any tcpflags syn out via fxp0

             # Let packets continue with ipfw after being hacked
             sysctl net.inet.ip.fw.one_pass=0


SHUTDOWN
       This node shuts down upon receipt of an NGM_SHUTDOWN  control  message,  or  when  all  hooks  have  been
       disconnected.


SEE ALSO
       netgraph(4), ng_ipfw(4)


HISTORY
       The ng_tcpmss node type was implemented in FreeBSD 6.0.


AUTHORS
       Alexey Popov <lollypop@flexuser.ru>
       Gleb Smirnoff <glebius@FreeBSD.org>


BUGS
       When running on SMP, system statistics may be broken.

Debian                                            June 9, 2005                                      NG_TCPMSS(4)