-rw-r--r-- | CommandListener.cpp | 1 | ||||
-rw-r--r-- | SecondaryTableController.cpp | 25 | ||||
-rw-r--r-- | SecondaryTableController.h | 1 |
3 files changed, 27 insertions, 0 deletions
diff --git a/CommandListener.cpp b/CommandListener.cpp
index f1bec153..0ca5d8f9 100644
--- a/CommandListener.cpp
+++ b/CommandListener.cpp
@@ -90,6 +90,7 @@ static const char* RAW_PREROUTING[] = {
 static const char* MANGLE_POSTROUTING[] = {
 BandwidthController::LOCAL_MANGLE_POSTROUTING,
 IdletimerController::LOCAL_MANGLE_POSTROUTING,
+ SecondaryTableController::LOCAL_MANGLE_POSTROUTING,
 NULL,
 };
diff --git a/SecondaryTableController.cpp b/SecondaryTableController.cpp
index d12f4c87..736b5fec 100644
--- a/SecondaryTableController.cpp
+++ b/SecondaryTableController.cpp
@@ -37,6 +37,7 @@
 #include "SecondaryTableController.h"
 const char* SecondaryTableController::LOCAL_MANGLE_OUTPUT = "st_mangle_OUTPUT";
+const char* SecondaryTableController::LOCAL_MANGLE_POSTROUTING = "st_mangle_POSTROUTING";
 const char* SecondaryTableController::LOCAL_MANGLE_EXEMPT = "st_mangle_EXEMPT";
 const char* SecondaryTableController::LOCAL_MANGLE_IFACE_FORMAT = "st_mangle_%s_OUTPUT";
 const char* SecondaryTableController::LOCAL_NAT_POSTROUTING = "st_nat_POSTROUTING";
@@ -422,6 +423,18 @@ int SecondaryTableController::setFwmarkRule(const char *iface, bool add) {
 "0",
 NULL);
+ /* Best effort, because some kernels might not have the needed TCPMSS */
+ execIptables(V4V6,
+ "-t",
+ "mangle",
+ "-A",
+ LOCAL_MANGLE_POSTROUTING,
+ "-p", "tcp", "-o", iface, "--tcp-flags", "SYN,RST", "SYN",
+ "-j",
+ "TCPMSS",
+ "--clamp-mss-to-pmtu",
+ NULL);
+
 } else {
 ret = execIptables(V4V6,
 "-t",
@@ -450,6 +463,18 @@ int SecondaryTableController::setFwmarkRule(const char *iface, bool add) {
 "-X",
 chain_str,
 NULL);
+
+ /* Best effort, because some kernels might not have the needed TCPMSS */
+ execIptables(V4V6,
+ "-t",
+ "mangle",
+ "-D",
+ LOCAL_MANGLE_POSTROUTING,
+ "-p", "tcp", "-o", iface, "--tcp-flags", "SYN,RST", "SYN",
+ "-j",
+ "TCPMSS",
+ "--clamp-mss-to-pmtu",
+ NULL);
 }
 //set up the needed source IP rewriting
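Review bot: Both new TCPMSS calls in setFwmarkRule (the `-A` in the add branch and the `-D` in the remove branch) discard the result of execIptables, so on a kernel without the TCPMSS target the clamp is silently absent and nothing in the logs explains stalled TCP connections on a low-MTU interface. Staying best effort is reasonable, but the result should be checked and a warning naming `iface` emitted, e.g. by wrapping the call in `if (execIptables(...) != 0) { /* warn: TCPMSS clamp not installed */ }`, assuming non-zero means failure as the nearby `ret = execIptables(...)` usage suggests. The `-A` is also unconditional: if this function can run twice with add=true for the same iface (its callers are outside the hunk), duplicate rules accumulate in st_mangle_POSTROUTING and the single `-D` removes only one, leaving a stale rule keyed on an interface name. The function starts and ends outside both hunks, so whether the earlier `ret` is checked before the new call is reached is not visible here.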
diff --git a/SecondaryTableController.h b/SecondaryTableController.h
index 81bb8634..a1536857 100644
--- a/SecondaryTableController.h
+++ b/SecondaryTableController.h
@@ -59,6 +59,7 @@ public:
 int setupIptablesHooks();
 static const char* LOCAL_MANGLE_OUTPUT;
+ static const char* LOCAL_MANGLE_POSTROUTING;
 static const char* LOCAL_MANGLE_EXEMPT;
 static const char* LOCAL_MANGLE_IFACE_FORMAT;
 static const char* LOCAL_NAT_POSTROUTING; |