CONFIG_NETFILTER_XT_TARGET_TCPMSS: 'TCPMSS' target support

General informations

The Linux kernel configuration item CONFIG_NETFILTER_XT_TARGET_TCPMSS:

• prompt: 'TCPMSS' target support
• type: tristate
• depends on: ( CONFIG_IPV6 || CONFIG_IPV6 = CONFIG_n ) && ( CONFIG_NETFILTER_ADVANCED = CONFIG_n )
• defined in net/netfilter/Kconfig
• found in Linux kernels: 2.6.21–2.6.39, 3.0–3.19, 4.0–4.20, 5.0–5.19, 6.0–6.12
• modules built: xt_TCPMSS

Help text

This option adds a `TCPMSS' target, which allows you to alter the MSS value of TCP SYN packets, to control the maximum size for that connection (usually limiting it to your outgoing interface's MTU minus 40).

This is used to overcome criminally braindead ISPs or servers which block ICMP Fragmentation Needed packets. The symptoms of this problem are that everything works fine from your Linux firewall/router, but machines behind it can never exchange large packets: 1) Web browsers connect, then hang with no data received. 2) Small mail works fine, but large emails hang. 3) ssh works fine, but scp hangs after initial handshaking.

Workaround: activate this option and add a rule to your firewall configuration like:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \ -j TCPMSS --clamp-mss-to-pmtu

To compile it as a module, choose M here. If unsure, say N.

Hardware

LKDDb

Raw data from LKDDb:

• lkddb module xt_TCPMSS CONFIG_NETFILTER_XT_TARGET_TCPMSS : net/netfilter/Kconfig : "'TCPMSS' target support" # in 2.6.21–2.6.39, 3.0–3.19, 4.0–4.20, 5.0–5.19, 6.0–6.12

Sources

This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

• Linux kernel
• Linux Kernel Driver DataBase (LKDDb)

Automatic links from Google (and ads)

Custom Search

Popular queries: