Make MSS clamping configurable, but enabled by default.

It can either be set globally in tinc.conf, or per-node in host config files.
2010-01-16 20:16:33 +01:00 · 2010-01-16 20:16:33 +01:00 · b455111184
commit b455111184
parent 95928f7c29
6 changed files with 35 additions and 1 deletions
--- a/doc/tinc.conf.5.in
+++ b/doc/tinc.conf.5.in
@ -347,6 +347,11 @@ Furthermore, specifying
 will turn off packet encryption.
 It is best to use only those ciphers which support CBC mode.

+.It Va ClampMSS Li = yes | no Pq yes
+This option specifies whether tinc should clamp the maximum segment size (MSS)
+of TCP packets to the path MTU. This helps in situations where ICMP
+Fragmentation Needed or Packet too Big messages are dropped by firewalls.
+
 .It Va Compression Li = Ar level Pq 0
 This option sets the level of compression used for UDP packets.
 Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
--- a/doc/tinc.texi
+++ b/doc/tinc.texi
@ -956,6 +956,12 @@ Any cipher supported by OpenSSL is recognized.
 Furthermore, specifying "none" will turn off packet encryption.
 It is best to use only those ciphers which support CBC mode.

+@cindex ClampMSS
+@item ClampMSS = <yes|no> (yes)
+This option specifies whether tinc should clamp the maximum segment size (MSS)
+of TCP packets to the path MTU. This helps in situations where ICMP
+Fragmentation Needed or Packet too Big messages are dropped by firewalls.
+
@cindex Compression
@item Compression = <@var{level}> (0)
 This option sets the level of compression used for UDP packets.