Lincoln Dale wrote:
> the issue is one of ensuring that packets never get fragmented prior to
> hitting the interception router.
> if the packet is already fragmented, then the router has no layer-4 state
> information in the second fragment of the packet from which to deduce "this
> is a packet destined towards tcp port 80".
According to the IP flags these packets are not fragmented.
What I was talking about was how Cisco fragments an incoming packet that
gets WCCP encapsulated and thus gets larger than the MTU for the
outgoing interface. The simple approach is to encapsulate and then
fragment, while a more elaborate approach is to fragment after
interception but before encapsulation. The sole purpose is to make sure
the DF bit is honoured in the encapsulation process/router to make sure
that path MSS detection works for the normal cases at the client side
without any special actions.
> all i can state is that on cisco's caching products, we explicitly cap the
> advertised MSS in order to ensure that this is never a problem.
> it should be possible for squid to do the same via the use of an
> appropriate setsockopt() with the TCP_MAXSEG option.
Looks like a good approach.
1. Lower the TCP_MAXSEG of the accept socket to advertise a smaller MSS
to the clients.
2. (optional) When connections are established, restore the normal
TCP_MAXSEG size to make sure normal sized packets are sent to the
clients. However, care must be taken to not go above what the client has
advertised (maybe the kernel enforces this... if so then jolly good).
-- Henrik Nordstrom
Squid hacker

Received on Thu Dec 14 2000 - 21:36:50 MST
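
Step 1 of the message above, as an added example that is not part of the original post and is not Squid code: it lowers TCP_MAXSEG on a listening socket and then checks over loopback that a connecting client ends up with an MSS no larger than the cap. The function names and the cap of 1400 bytes are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Lower TCP_MAXSEG on the accept (listening) socket so that the SYN-ACK
 * sent to each client advertises the smaller MSS. Returns 0 on success. */
int cap_listener_mss(int listen_fd, int mss)
{
    return setsockopt(listen_fd, IPPROTO_TCP, TCP_MAXSEG, &mss, sizeof(mss));
}

/* Loopback check: connect a client to a capped listener and return the MSS
 * the client's stack settled on, or -1 if the local setup fails.
 * The handshake completes in the kernel, so no accept() is needed here. */
int client_mss_against_capped_listener(int cap)
{
    struct sockaddr_in addr = {0};          /* port 0: kernel picks one */
    socklen_t alen = sizeof(addr), mlen = sizeof(int);
    int mss = -1;
    int srv = socket(AF_INET, SOCK_STREAM, 0);
    int cli = socket(AF_INET, SOCK_STREAM, 0);

    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

    if (srv < 0 || cli < 0 ||
        cap_listener_mss(srv, cap) != 0 ||
        bind(srv, (struct sockaddr *)&addr, sizeof(addr)) != 0 ||
        listen(srv, 1) != 0 ||
        getsockname(srv, (struct sockaddr *)&addr, &alen) != 0 ||
        connect(cli, (struct sockaddr *)&addr, sizeof(addr)) != 0 ||
        getsockopt(cli, IPPROTO_TCP, TCP_MAXSEG, &mss, &mlen) != 0)
        mss = -1;

    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    return mss;
}

int main(void)
{
    /* 1400 is a constructed value that leaves room for encapsulation. */
    printf("client MSS against listener capped at 1400: %d\n",
           client_mss_against_capped_listener(1400));
    return 0;
}
```

The client-side value can come out somewhat below the cap, because the stack subtracts the space taken by TCP options such as timestamps.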