{"id":601,"date":"2025-04-09T17:58:48","date_gmt":"2025-04-09T09:58:48","guid":{"rendered":"https:\/\/www.feeek.com\/?p=601"},"modified":"2025-04-12T10:36:11","modified_gmt":"2025-04-12T02:36:11","slug":"mss%e5%a4%b9%e7%b4%a7%e5%a6%82%e4%bd%95%e8%ae%be%e7%bd%ae","status":"publish","type":"post","link":"https:\/\/www.feeek.com\/?p=601","title":{"rendered":"MSS\u5939\u7d27\u5982\u4f55\u8bbe\u7f6e?"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p>MSS\uff08Maximum Segment Size\uff09\u5939\u7d27\u662f\u4e00\u79cd\u7f51\u7edc\u4f18\u5316\u6280\u672f\uff0c\u7528\u4e8e\u5728 TCP \u4e09\u6b21\u63e1\u624b\u8fc7\u7a0b\u4e2d\u8c03\u6574 MSS \u503c\uff0c\u4ee5\u786e\u4fdd\u6570\u636e\u5305\u5927\u5c0f\u9002\u914d\u7f51\u7edc\u8def\u5f84\u7684 MTU\uff08Maximum Transmission Unit\uff09\u3002\u4ee5\u4e0b\u662f\u8bbe\u7f6e MSS \u5939\u7d27\u7684\u6b65\u9aa4\uff1a<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>\u5728\u8def\u7531\u5668\u6216\u9632\u706b\u5899\u4e2d\u542f\u7528 MSS \u5939\u7d27<\/strong>\uff1a\n<ul class=\"wp-block-list\">\n<li>\u5982\u679c\u4f60\u4f7f\u7528\u7684\u662f OpenWrt\uff0c\u53ef\u4ee5\u5728\u9632\u706b\u5899\u8bbe\u7f6e\u4e2d\u627e\u5230 MSS \u5939\u7d27\u9009\u9879\uff1a\n<ul class=\"wp-block-list\">\n<li>\u8fdb\u5165\u9632\u706b\u5899\u8bbe\u7f6e\u754c\u9762\u3002<\/li>\n\n\n\n<li>\u5728 WAN \u533a\u57df\u7684\u5e38\u89c4\u8bbe\u7f6e\u4e2d\uff0c\u52fe\u9009 <strong>TCP MSS Clamping<\/strong> \u9009\u9879\u3002<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\u8fd9\u4f1a\u81ea\u52a8\u5c06 MSS \u503c\u8c03\u6574\u4e3a\u9002\u914d MTU \u7684\u5927\u5c0f\u3002<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>\u624b\u52a8\u8bbe\u7f6e iptables \u89c4\u5219<\/strong>\uff1a\n<ul class=\"wp-block-list\">\n<li>\u5982\u679c\u4f60\u4f7f\u7528\u7684\u662f Linux \u7cfb\u7edf\uff0c\u53ef\u4ee5\u901a\u8fc7 iptables \u624b\u52a8\u8bbe\u7f6e MSS \u5939\u7d27\u89c4\u5219\u3002\u4f8b\u5982\uff1abash<code>iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu<\/code><\/li>\n\n\n\n<li>\u8fd9\u6761\u89c4\u5219\u4f1a\u6839\u636e\u8def\u5f84 MTU \u81ea\u52a8\u8c03\u6574 MSS \u503c\u3002<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>\u68c0\u67e5\u548c\u9a8c\u8bc1<\/strong>\uff1a\n<ul class=\"wp-block-list\">\n<li>\u4f7f\u7528\u5de5\u5177\uff08\u5982 <code>tcpdump<\/code> \u6216 <code>Wireshark<\/code>\uff09\u6293\u5305\uff0c\u786e\u8ba4 TCP \u63e1\u624b\u4e2d\u7684 MSS \u503c\u662f\u5426\u88ab\u6b63\u786e\u8c03\u6574\u3002<\/li>\n\n\n\n<li>\u4f8b\u5982\uff0c\u6293\u53d6 TCP SYN \u5305\u5e76\u67e5\u770b MSS \u503c\uff1abash<code>tcpdump -i eth0 tcp[tcpflags] &amp; tcp-syn<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>\u8c03\u6574 MTU \u548c MSS<\/strong>\uff1a\n<ul class=\"wp-block-list\">\n<li>\u5982\u679c\u9700\u8981\u624b\u52a8\u8bbe\u7f6e MSS \u503c\uff0c\u53ef\u4ee5\u5728 iptables \u4e2d\u6307\u5b9a\u4e00\u4e2a\u56fa\u5b9a\u503c\u3002\u4f8b\u5982\uff1abash<code>iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360<\/code><\/li>\n\n\n\n<li>\u8fd9\u91cc\u7684 <code>1360<\/code> \u662f\u4e00\u4e2a\u793a\u4f8b\u503c\uff0c\u4f60\u53ef\u4ee5\u6839\u636e\u5b9e\u9645\u7f51\u7edc\u73af\u5883\u8c03\u6574\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p>MSS \u5939\u7d27\u7684\u4e3b\u8981\u76ee\u7684\u662f\u907f\u514d\u56e0 MTU \u4e0d\u5339\u914d\u5bfc\u81f4\u7684\u5206\u7247\u95ee\u9898\uff0c\u4ece\u800c\u63d0\u9ad8\u7f51\u7edc\u4f20\u8f93\u7684\u7a33\u5b9a\u6027\u548c\u6548\u7387\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>MSS\uff08Maximum Segment Size\uff09\u5939\u7d27\u662f\u4e00\u79cd\u7f51\u7edc\u4f18\u5316\u6280\u672f\uff0c\u7528\u4e8e\u5728 TCP \u4e09\u6b21\u63e1\u624b\u8fc7\u7a0b\u4e2d\u8c03\u6574  [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-601","post","type-post","status-publish","format-standard","hentry","category-tech"],"blocksy_meta":[],"_links":{"self":[{"href":"https:\/\/www.feeek.com\/index.php?rest_route=\/wp\/v2\/posts\/601","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.feeek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.feeek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.feeek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.feeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=601"}],"version-history":[{"count":2,"href":"https:\/\/www.feeek.com\/index.php?rest_route=\/wp\/v2\/posts\/601\/revisions"}],"predecessor-version":[{"id":603,"href":"https:\/\/www.feeek.com\/index.php?rest_route=\/wp\/v2\/posts\/601\/revisions\/603"}],"wp:attachment":[{"href":"https:\/\/www.feeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=601"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.feeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=601"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.feeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=601"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}