Set Maximum Segment Size (MSS) in Redhat Linux for Networks & Hosts

The Maximum Segment Size (MSS) value advertised by a server or a system is the preferred size of the segment that it can receive. For a standard packet this is equivalent to the Maximum Transmission Unit (MTU) – 40 bytes (standard TCP/IP overhead of 40 bytes [20+20]). This is the value that the server advertises, not what we can transmit.

If the MTU is 1500 bytes then the MSS will be 1460 bytes.

In Redhat Linux, if not set manually, the kernel calculates the MSS simply as MTU – 40 bytes. However, this advertised MSS value can be set manually for individual networks or hosts in route commands.

To set the MSS Value for a network

ip route add 192.168.1.0/24 dev eth0 advmss 1310

where the "ip route" command sets the static route for the network via eth0 and the "advmss" part sets the MSS value to 1310 bytes.

To set the MSS Value for a Host

ip route add 192.168.1.1 dev eth0 advmss 1310

The above commands set the MSS values on a per-network / per-host basis dynamically while the server is in use.


Important:

MSS = MTU – 40bytes (standard TCP/IP overhead of 40 bytes [20+20])


In addition to xaxxon's answer, just wanted to note my experience with trying to force my Linux to send only maximum TCP segments of a certain size (lower than what they normally are):

  • The easiest way I found to do so, was to use iptables:

sudo iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN --destination 1.1.1.1 -j TCPMSS --set-mss 200

This overwrites the remote incoming SYN/ACK packet on an outbound connection, and forces the MSS to a specific value.

Note 1: You do not see this in Wireshark, since Wireshark captures before this happens.

Note 2: Iptables does not allow you to -increase- the MSS, just lower it.

  • Alternatively, I also tried setting the socket option TCP_MAXSEG, like dennis had done. After taking the fix from xaxxon, this also worked.

Note: You should read the MSS value after the connection has been set up. Otherwise it returns the default value, which put me (and dennis) on the wrong track.

Now finally, I also ran into a number of other things:

  • I ran into TCP-offloading issues, where despite my MSS being set correctly, the frames being sent were still shown by Wireshark as too big. You can disable this feature with: sudo ethtool -K eth0 tx off sg off tso off. This took me a long time to figure out.

  • TCP has lots of fancy things like MTU path discovery, which actually try to dynamically increase the MSS. Fun and cool, but confusing obviously. I did not have issues with it though in my tests.

Hope this helps someone trying to do the same thing one day
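
The TCP_MAXSEG behaviour described in the answer above, as an added example that is not part of the original post: it sets the option before connect() on a loopback connection and reads it back before and after the handshake, on both ends. It assumes Linux and Python 3; the value 1000 and the function names are constructed for the demonstration.

```python
import socket

REQUESTED_MSS = 1000  # constructed value for the demonstration


def read_mss(sock):
    """Return the MSS the kernel currently reports for this socket."""
    return sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_MAXSEG)


def connect_and_measure(requested_mss=None):
    """Open a loopback TCP connection and report TCP_MAXSEG on both ends.

    If requested_mss is given, it is set on the client before connect(),
    which lowers the MSS the client advertises in its SYN.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
    listener.listen(1)

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if requested_mss is not None:
            client.setsockopt(socket.IPPROTO_TCP, socket.TCP_MAXSEG,
                              requested_mss)
        before = read_mss(client)  # read before the handshake: not negotiated
        client.connect(listener.getsockname())
        server, _ = listener.accept()
        try:
            return {
                "client_before": before,
                # effective MSS once the connection is established
                "client_after": read_mss(client),
                # the peer's send MSS is bounded by what the client advertised
                "server_after": read_mss(server),
            }
        finally:
            server.close()
    finally:
        client.close()
        listener.close()


if __name__ == "__main__":
    print("default:", connect_and_measure())
    print("clamped:", connect_and_measure(REQUESTED_MSS))
```

On Linux the post-handshake value is typically a little below the requested one when TCP timestamps are enabled, because the option bytes are subtracted from the usable segment size.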


Reposted from blog.csdn.net/weixin_39833509/article/details/120654274