nanog mailing list archives

Re: TCP torture testing


From: William Herrin <bill () herrin us>
Date: Fri, 17 Jan 2025 11:29:32 -0800

On Fri, Jan 17, 2025 at 10:42 AM Lukas Tribus <lukas () ltri eu> wrote:
> This is more difficult because a TCP proxy (as in a userspace
> application) does not do the TCP segmenting, the kernel does. Sure the
> application may set flags like TCP_NODELAY to toggle Nagle, but beyond
> that the application does not really have control over TCP segmentation.

Well... In theory, TCP closes the segment at the end of the
application's send() and sets the PSH flag. Likewise, on the receiving
side the recv() returns before filling the buffer upon receipt of a
segment with the PSH flag set.

In theory. In practice, it doesn't always work out that way and
applications which depend on a short recv() meaning that was where the
sender's send() ended tend to flake out in unexpected ways.


On Fri, Jan 17, 2025 at 10:13 AM Brandon Martin
<lists.nanog () monmotha net> wrote:
> * (Especially) Unusual segmentation e.g. splitting part of a stream that
> would and should normally be sent in a single segment into several
> smaller segments sent back-to-back

You can force odd segmentation in Linux with:

iptables -t mangle --insert POSTROUTING --proto tcp \
        --tcp-flags SYN,RST,FIN SYN --jump TCPMSS --set-mss 11

Regards,
Bill Herrin


-- 
William Herrin
bill () herrin us
https://bill.herrin.us/
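An added illustration of Bill's point about applications that assume a short recv() marks where the sender's send() ended (this is example code written for this archive page, not code from the post or from any NANOG participant). It assumes a constructed 4-byte length-prefixed framing and a FakeSocket that hands the byte stream back in arbitrary chunk sizes, the way a receiver would see it after a tiny-MSS rule like the iptables TCPMSS one above (11-byte chunks) or after the kernel coalesces several segments into one read. The naive reader that treats one recv() as one message falls apart under both; the framed reader accumulates bytes until a whole frame is present and also handles an empty message, a truncated stream, and an oversized length field.

```python
import itertools
import struct
from typing import Iterable, List

# Constructed sample stream (not from the original post): each message is
# sent as a 4-byte big-endian length followed by the payload.
def frame(payload: bytes) -> bytes:
    return struct.pack("!I", len(payload)) + payload

MESSAGES = [b"hello, nanog", b"", b"a" * 40]      # includes an empty message
STREAM = b"".join(frame(m) for m in MESSAGES)    # 64 bytes on the wire


class FakeSocket:
    """Simulates recv() on a TCP stream whose segmentation we do not control.
    recv(n) returns at most min(n, next chunk size) bytes; chunk sizes cycle,
    so [11] mimics an 11-byte MSS and [65536] mimics fully coalesced reads."""

    def __init__(self, data: bytes, chunk_sizes: Iterable[int]):
        self._data = data
        self._pos = 0
        self._sizes = itertools.cycle(list(chunk_sizes))

    def recv(self, bufsize: int) -> bytes:
        if self._pos >= len(self._data):
            return b""                       # peer closed the connection
        n = min(bufsize, next(self._sizes))
        chunk = self._data[self._pos:self._pos + n]
        self._pos += len(chunk)
        return chunk


def naive_reader(sock) -> List[bytes]:
    """Wrong: assumes every recv() returns exactly one sender send(), so it
    strips 4 header bytes from whatever arrived and calls the rest a message."""
    out = []
    while True:
        data = sock.recv(65536)
        if not data:
            return out
        out.append(data[4:])


def read_exactly(sock, n: int) -> bytes:
    """Accumulate exactly n bytes no matter how the kernel segmented them.
    A close before n bytes arrive is an error: a frame was cut short."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError(f"peer closed with {len(buf)}/{n} bytes of a frame")
        buf.extend(chunk)
    return bytes(buf)


def framed_reader(sock, max_len: int = 1 << 20) -> List[bytes]:
    """Correct: parse by declared length, not by recv() boundaries.
    A clean EOF is only accepted between frames; the length field is bounded
    so a hostile or corrupted header cannot make us allocate arbitrarily."""
    out = []
    while True:
        hdr = bytearray()
        while len(hdr) < 4:
            chunk = sock.recv(4 - len(hdr))
            if not chunk:
                if hdr:
                    raise ConnectionError("peer closed mid-header")
                return out                   # EOF exactly on a frame boundary
            hdr.extend(chunk)
        (length,) = struct.unpack("!I", bytes(hdr))
        if length > max_len:
            raise ValueError(f"frame length {length} exceeds limit {max_len}")
        out.append(read_exactly(sock, length))


def run(chunk_sizes: Iterable[int], reader) -> List[bytes]:
    """Feed STREAM to a reader through a socket with the given segmentation."""
    return reader(FakeSocket(STREAM, chunk_sizes))


if __name__ == "__main__":
    for sizes in ([11], [1], [3, 5, 7], [65536]):
        print(sizes, "naive ok:", run(sizes, naive_reader) == MESSAGES,
              "framed ok:", run(sizes, framed_reader) == MESSAGES)
```

Running the block shows the naive reader is only ever right by accident of segmentation, while the framed reader returns the same three messages for 1-byte, 11-byte, mixed and coalesced reads. The same shape applies to a proxy in the middle of the path: it must reassemble by the application protocol's own framing, since (as the thread notes) the kernel, not the proxy, decides segment boundaries.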

