I have an OpenVPN VPN network connection where an MSS size of 60 gets sent out for some reason (don't know why yet). EDIT: Reason: OpenVPN mssfix was mistakenly set to 1.
36 92.064383 10.102.0.43 10.1.151.50 TCP 52 49991 → 63760 [SYN] Seq=0 Win=65535 Len=0 MSS=60 WS=128 SACK_PERM=1
37 92.064763 10.1.151.50 10.102.0.43 TCP 52 63760 → 49991 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1
There are two devices on this network, which behave differently.
- Win 10 PC with Filezilla FTP Server
- Embedded device (PLC) based on VxWorks with internal FTP server
The PC sets the MSS size to 536, but the PLC sets it down to 60 like requested.
41 92.171676 10.1.151.50 10.102.0.43 FTP-DATA 576 FTP Data: 536 bytes (PASV) (RETR TCData.br)
67 17.385576 10.1.151.1 10.102.0.43 FTP-DATA 100 FTP Data: 60 bytes (PASV) (RETR TCData.br)
Is that implemented the right way on both sides?
I know that the default TCP MSS is 536, but is there a required minimum size?
The minimum MSS is controlled by the minimum IP datagram MTU of 576 bytes. Since TCP uses 40 bytes of overhead, then the minimum MSS is 536 bytes. If more bytes are used, say for timestamps, then the MSS would be smaller.
This can be found in the IP RFC 791, Section 3.1, Internet Header Format -> Total Length.
Total Length is the length of the datagram, measured in octets, including internet header and data. This field allows the length of a datagram to be up to 65,535 octets. Such long datagrams are impractical for most hosts and networks. All hosts must be prepared to accept datagrams of up to 576 octets (whether they arrive whole or in fragments). It is recommended that hosts only send datagrams larger than 576 octets if they have assurance that the destination is prepared to accept the larger datagrams.
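For checking what a peer actually advertises, the following is an added example (not part of the question or the answer): it parses the TCP options of a SYN, extracts the MSS, flags values below 536, and computes the header overhead of full-sized segments. The byte strings are constructed to match the option values shown in the capture above, and the function names are hypothetical.

```python
import struct

DEFAULT_MSS = 536   # 576-octet datagram minus 40 bytes of IP + TCP headers
HEADERS = 40        # IPv4 (20) + TCP (20) without options

# Constructed option bytes matching the capture lines in the question:
# SYN:     MSS=60   WS=128 (shift 7) SACK_PERM
# SYN-ACK: MSS=1460 WS=256 (shift 8) SACK_PERM
SYN_OPTS = bytes.fromhex("0204003c" "01" "030307" "0101" "0402")
SYNACK_OPTS = bytes.fromhex("020405b4" "01" "030308" "0101" "0402")

def parse_tcp_options(opts: bytes) -> dict:
    """Walk a TCP options area and return the SYN options found."""
    found, i = {}, 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                 # End of Option List
            break
        if kind == 1:                 # NOP, one byte of padding
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option header")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError(f"bad length {length} for option kind {kind}")
        body = opts[i + 2:i + length]
        if kind == 2 and length == 4:     # Maximum Segment Size
            found["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:   # Window Scale
            found["wscale_shift"] = body[0]
        elif kind == 4 and length == 2:   # SACK Permitted
            found["sack_perm"] = True
        i += length
    return found

def review_syn(opts: bytes) -> dict:
    """Report the advertised MSS and what it costs in header overhead."""
    info = parse_tcp_options(opts)
    mss = info.get("mss", DEFAULT_MSS)    # no MSS option: default of 536 applies
    info["mss"] = mss
    info["below_default"] = mss < DEFAULT_MSS
    # Share of each full-sized packet spent on headers, in percent
    info["header_overhead_pct"] = round(100 * HEADERS / (HEADERS + mss), 1)
    return info

if __name__ == "__main__":
    for name, opts in (("SYN", SYN_OPTS), ("SYN-ACK", SYNACK_OPTS)):
        print(name, review_syn(opts))
```

With MSS=60 each data packet is 100 bytes for 60 bytes of payload, and with MSS=536 it is 576 bytes, which matches the FTP-DATA frame lengths in the capture.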