Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
TCPMSSD(8)		FreeBSD	System Manager's Manual		    TCPMSSD(8)

     tcpmssd --	TCP Maximum Segment Size option	corrector

     tcpmssd [-bv] -p port {-i iface | -m mtu}

     The tcpmssd utility adjusts TCP SYN packets so that the maximum receive
     segment size is not greater than the amount allowed by the	interface's

     This is necessary in many setups to avoid problems	caused by routers that
     drop ICMP "Datagram Too Big" messages, thus breaking the Path MTU Discov-
     ery algorithm (RFC	1191).	Without	these messages,	the originating	ma-
     chine sends data, it passes the rogue router then hits a machine that has
     an	MTU that is not	big enough for the data.  Because the IP "don't
     fragment" option is set, this machine sends an ICMP "Datagram Too Big"
     message back to the originator and	drops the packet.  The rogue router
     drops the ICMP and	the originator never gets to discover that it must re-
     duce the Path MTU value or	exclude	the IP "don't fragment"	option from
     its outgoing data.

     The tcpmssd utility normally runs in the background as a daemon.  It in-
     tercepts TCP packets from a divert(4) socket bound	to the port specified
     with the -p option	and reduces the	value of TCP MSS option	if necessary
     so	that the incoming TCP messages will pass through this host without
     need to send ICMP "Datagram Too Big" messages.

     The maximum value for the TCP MSS option is determined based on an	MTU
     given either as an	absolute value with the	-m option or derived from a
     network interface specified with the -i option.

     If	run with the -b	option,	tcpmssd	will attempt to	update the TCP MSS op-
     tion on both incoming and outgoing	TCP segments, as delivered on the
     divert(4) socket.	By default, only outgoing TCP segments are examined.

     If	run with the -v	option,	tcpmssd	does not detach	from its controlling
     terminal and writes various diagnostic messages to	the standard error

     The following steps are necessary to run tcpmssd:

     1.	  Build	your kernel with the following options:

		options	IPFIREWALL
		options	IPDIVERT

	  Refer	to the Handbook	for detailed instructions on building a	custom

     2.	  Make sure to redirect	TCP traffic to the divert(4) port port.	 Refer
	  to the ipfw(8) manual	page for details.

     divert(4),	ipfw(8)

     This program was written by Ruslan	Ermilov	<> based on work
     done by Patrick Bihan-Faou	<>.

FreeBSD	13.0			 June 11, 2004			  FreeBSD 13.0


Want to link to this manual page? Use this URL:

home | help