NAME

SYNOPSIS

DESCRIPTION

CONTROL MESSAGES

NGM_TCPMSS_CONFIG (config)

This control message configures node to do given MSS adjusting on a particular hook. It requires the struct ng_tcpmss_config to be supplied as an argument:

struct ng_tcpmss_config {
	char		inHook[NG_HOOKSIZ];
	char		outHook[NG_HOOKSIZ];
	uint16_t	maxMSS;
}
    

This means: packets received on inHook would be checked for TCP MSS option and the latter would be reduced down to maxMSS if it exceeds maxMSS. After that, packets would be sent to hook outHook.

NGM_TCPMSS_GET_STATS (getstats)

This control message obtains statistics for a given hook. The statistics are returned in struct ng_tcpmss_hookstat:

struct ng_tcpmss_hookstat {
	uint64_t	Octets;		/* total bytes */
	uint64_t	Packets;	/* total packets */
	uint16_t	maxMSS;		/* maximum MSS */
	uint64_t	SYNPkts;	/* TCP SYN packets */
	uint64_t	FixedPkts;	/* changed packets */
};
    

NGM_TCPMSS_CLR_STATS (clrstats)

This control message clears statistics for a given hook.

NGM_TCPMSS_GETCLR_STATS (getclrstats)

This control message obtains and clears statistics for a given hook.

EXAMPLES

# Create tcpmss node and connect it to ng_ipfw node
ngctl mkpeer ipfw: tcpmss 100 qqq

# Adjust MSS to 1452
ngctl msg ipfw:100 config '{ inHook="qqq" outHook="qqq" maxMSS=1452 }'

# Divert traffic into tcpmss node
ipfw add 300 netgraph 100 tcp from any to any tcpflags syn out via fxp0

# Let packets continue with ipfw after being hacked
sysctl net.inet.ip.fw.one_pass=0

SHUTDOWN

SEE ALSO

HISTORY

AUTHORS

BUGS