Max segment size (mss) in NPF

To: netbsd-users%netbsd.org@localhost
Subject: Max segment size (mss) in NPF
From: 76nemo76%gmx.ch@localhost
Date: Sat, 31 Dec 2016 22:40:13 +0100

I plan to make a router with NPF but until now I have mainly
worked with the PF packet filter.

To have a correct behaviour of the router, I should limit the maximum
segment size for both IPv4 and IPv6. When using PF, the following command
do the job for IPv4:
   match on $ext_if scrub (max-mss 1454 reassemble tcp random-id)

I would do something similar with NPF.
The only documentation I have found is here http://www.netbsd.org/~rmind/npf/#_application_level_gateways
but the documentation is quite sparse.   

Could someone give me some hint on how to achieve the same result as the PF command
with NPF.

thank you for help,

best regards,

Alan

Follow-Ups:
- Re: Max segment size (mss) in NPF
  - From: Thor Lancelot Simon

Prev by Date: Re: NetBSD, ipv6, and linode
Next by Date: Re: Max segment size (mss) in NPF
Previous by Thread: NetBSD, ipv6, and linode
Next by Thread: Re: Max segment size (mss) in NPF
Indexes:

Home | Main Index | Thread Index | Old Index