iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
The purpose of this rule is to change the TCP MSS so that it fits the PMTU (Path MTU).
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400
This sets the MSS to 1400.
6 Kernel handling of TCP MSS
So where does the kernel actually handle the TCP MSS? Mainly in net/netfilter/xt_TCPMSS.c:
static int
tcpmss_mangle_packet(struct sk_buff **pskb,
                     const struct xt_tcpmss_info *info,
                     unsigned int tcphoff,
                     unsigned int minlen)
{
        struct tcphdr *tcph;
        unsigned int tcplen, i;
        __be16 oldval;
        u16 newmss;
        u8 *opt;

        /* make the whole packet writable before editing it */
        if (!skb_make_writable(pskb, (*pskb)->len))
                return -1;

        /* bytes from the start of the TCP header to the end of the packet */
        tcplen = (*pskb)->len - tcphoff;
        tcph = (struct tcphdr *