{"id":19660068,"url":"https://github.com/germancoding/segmentist","last_synced_at":"2026-05-14T00:42:57.904Z","repository":{"id":94058290,"uuid":"517424849","full_name":"GermanCoding/segmentist","owner":"GermanCoding","description":"Rust eBPF program to determine whether hosts respect MSS","archived":false,"fork":false,"pushed_at":"2023-03-26T03:56:12.000Z","size":144,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-11-22T00:03:24.822Z","etag":null,"topics":["ebpf","mss","rust","tcp"],"latest_commit_sha":null,"homepage":"https://segmentist.germancoding.com","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GermanCoding.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-07-24T20:03:12.000Z","updated_at":"2024-01-07T19:14:21.000Z","dependencies_parsed_at":"2023-07-31T00:16:54.881Z","dependency_job_id":null,"html_url":"https://github.com/GermanCoding/segmentist","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/GermanCoding/segmentist","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GermanCoding%2Fsegmentist","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GermanCoding%2Fsegmentist/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GermanCoding%2Fsegmentist/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GermanCoding%2Fsegmentist/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GermanCoding","download_url":"https://codeload.github.com/GermanCoding/segmentist/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GermanCoding%2Fsegmentist/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33005071,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T13:14:54.681Z","status":"ssl_error","status_checked_at":"2026-05-13T13:14:51.610Z","response_time":115,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ebpf","mss","rust","tcp"],"created_at":"2024-11-11T15:45:12.075Z","updated_at":"2026-05-14T00:42:57.887Z","avatar_url":"https://github.com/GermanCoding.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# segmentist\n\nRust eBPF program to determine whether hosts respect MSS\n\n### Live version\n\nA deployed version of this project is here: https://segmentist.germancoding.com/\n\n### What's MSS?\n\nMSS is the maximum size a data packet can have in a TCP segment. A TCP segment is the payload contained within TCP, i.e.\nthe packet size without OSI layer 2/3/4 headers. MSS can be advertised by hosts during the TCP handshake and is often\n1460 bytes, because the maximum size of an IP data-packet is often 1500 bytes, and the IPv4 and TCP headers are ~40\nbytes long, though this can vary depending on options.\n\n### About this tool\n\nThis tool (source on GitHub) allows you to test a certain server, identified by an URL, to check whether that host\nappears to honor the MSS advertised by a system. To do this, this tool advertises a fake MSS of 1000 bytes, even though\nthe underlying network is capable of handling larger packets. We analyze raw network packets to check their sizes and\nthen infer whether a host appears to honor the 1000 byte limit. 1000 bytes is much lower than what a usual network can\nhandle, but it's also not unreasonably small.\n\n### Building\n\nBuilding this program requires:\n\n- Linux x86-64 or aarch64\n- Rust (v1.59 at this time, v1.6+ unsupported)\n- RedBPF (https://github.com/foniod/redbpf)\n    - In particular, you must install a recent version of cargo-bpf\n- A recent Linux kernel version. eBPF is a relatively recent, fast moving\n  technology within the Linux kernel. Many features are only available on\n  recent (5.8+) kernels. I do not test on anything older than 5.10. You may be\n  able to get this running on older kernels (technically 4.14+ should work), but I can't promise anything.\n- Linux kernel with BTF support is highly recommended. Some BTF-enabled distribution\n  versions: https://github.com/aquasecurity/tracee/discussions/713\n\n#### Build instructions\n\nAt this time, RedBPF is not updated to support LLVM v14, but Rust 1.60+ uses LLVM v14.\nThus, make sure you install Rust 1.59.\nIf using rustup (https://rustup.rs):\n\n```curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh```\n\nSelect \"Customize installation\".\nLeave default host triple, but choose \"1.59\" when asked for \"default toolchain\". The other options are your preference,\nbut the defaults are easiest. Follow the on-screen instructions. You now have Rust!\nCheck that your Rust setup works and version is correct:\n\n```rustc --version```\n\nShould print: ```rustc 1.59.0 (9d1b2106e 2022-02-23)```\n\nNow, let's install cargo-bpf (a module of RedBPF). This requires LLVM v13 suites.\nSee the README of RedBPF (https://github.com/foniod/redbpf) for details on various distros. We're assuming Ubuntu 20.04\nhere, but generally any recent Debian/Ubuntu should work.\n\nThis installs LLVM from the official upstream LLVM project (seems to work best) as well as some dependencies:\n\n```\nsudo su # Elevate to root\napt-get update \\\n\u0026\u0026 apt-get -y install \\\nwget \\\nbuild-essential \\\nsoftware-properties-common \\\nlsb-release \\\nlibelf-dev \\\nlinux-headers-generic \\\npkg-config \\\n\u0026\u0026 wget https://apt.llvm.org/llvm.sh \u0026\u0026 chmod +x llvm.sh \u0026\u0026 ./llvm.sh 13 \u0026\u0026 rm -f ./llvm.sh\nexit # Drop root\n```\n\nInstall cargo-bpf. We install from git instead of from crates.io (default), because the crates.io version is slightly\ntoo old.\n\n```cargo install cargo-bpf --git https://github.com/foniod/redbpf.git```\n\nWe now have all dependencies. Let's build our project:\n\n```./build.sh```\n\nThis may take a while on first run, because cargo downloads and compiles many dependencies. It should complete without\nerrors. You now have the project build!\n\nBinaries and other build artifacts can be found in ./target/\n\n### Running the program\n\nYou can run segmentist's Rust component via\n\n```sudo ./target/release/segmentist --help```\n\nNote that currently all segmentist actions require root permissions.\nThis is due to eBPF restrictions: We need a number of capabilities,\nwhich is easier to obtain by being root. We also need access to the debugfs,\nwhich is (by default) only accessible for root.\n\nCommands that do not require root for all actions will first perform\nsetup as root and then immediately drop their root privileges for security.\n\nIf you want to test MSS, you need an interface with a faked (clamped) MSS.\nThere is a script in this repository, ```./IPTABLES_CMDS.sh``` that\nsets up an interface with clamped MSS. This interface is expected by\nthe Rust component.\n\nNote that ```segmentist load/unload``` expects the real, physical, interface,\nnot the interface with faked MSS. This fake interface is only used to make\noutbound connections with clamped MSS.\n\n### Using the web component\n\nThe web directory hosts the website that can be used as an example frontend for this tool and is also what is running on\nmy hosted version of this tool.\n\nToo bootstrap this, you need to fetch a few dependencies, which can be done automatically using the\n```WEB_DEPENDENCY_DOWNLOAD.sh``` script (requires a POSIX-compatible shell and wget).\n\nThe web component sends HTTP(S) requests to ```backend/scanurl```, while\nthe Rust component reacts to requests for ```http://\u003cbind-ip\u003e:\u003cbind-port\u003e/scanurl```.\n\nIt is suggested to setup a reverse proxy that forwards the ```backend/scanurl``` HTTPS requests\nto the Rust component (which only supports HTTP).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgermancoding%2Fsegmentist","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgermancoding%2Fsegmentist","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgermancoding%2Fsegmentist/lists"}