Wireshark-users: Re: [Wireshark-users] When are payload lengths greater than the negotiated MSS?
On Nov 26, 2009, at 10:01 AM, Ashwin Rao wrote:
Clearly data payloads with length greater than the MSS negotiated are
being exchanged. I would like to know under which conditions are
payloads greater than the MSS exchanged?
When TCP segmentation offloading (TSO) is being done?
Linux's loopback interface might claim to support TSO (if somebody
does, say, a 4K write to a TCP socket connected to another socket on
the same machine, there's no point in breaking that up into MSS-sized
chunks, as the MTU is just a convention for the loopback interface -
there's no hardware or link-layer-standard reason for any particular
MTU), and it might implement it by accepting larger-than-MSS chunks of
data, *not* splitting it up before "sending" it (as, again, the MTU is
just a convention), so that when the packet is received it looks like
a big packet.
libpcap, on the Linux loopback device, hands the incoming copy of the
packet, not the outgoing copy of the packet, to the application, so
what you're seeing are the incoming packets.
Further, is there a way to
limit the payloads to the specified MSS value?
If TSO is the cause, you could see whether you can disable TSO on the
loopback interface, somehow (and possibly get a reduction in
throughput as a result).
