Merge branch 'restricted_mss' into 'master'

Restrict Ethernet TCP MSS to 1220 octects on Linux

Closes #468

See merge request !1328

src/contrib/net.c

@@ -32,6 +32,9 @@
 #include "contrib/sockaddr.h"
 #include "contrib/time.h"
 
+// 1280 (IPv6 minimum link MTU) - 40 (IPv6 fixed header) - 20 (TCP fixed header)
+#define KNOT_TCP_MSS	1220
+
 /*!
  * \brief Enable socket option.
  */
@@ -182,6 +185,18 @@ int net_bound_socket(int type, const struct sockaddr_storage *addr, net_bind_fla
 		return ret;
 	}
 
+#if defined(__linux__)
+	/* Set MSS (Maximum Segment Size) limit. */
+	if (addr->ss_family != AF_UNIX && type == SOCK_STREAM) {
+		const int mss = KNOT_TCP_MSS;
+		if (setsockopt(sock, IPPROTO_TCP, TCP_MAXSEG, &mss, sizeof(mss)) != 0) {
+			ret = knot_map_errno();
+			close(sock);
+			return ret;
+		}
+	}
+#endif
+
 	/* Don't bind IPv4 for IPv6 any address. */
 	if (addr->ss_family == AF_INET6) {
 		ret = sockopt_enable(sock, IPPROTO_IPV6, IPV6_V6ONLY);