Date: Tue, 6 Apr 2004 00:48:43 -0400 (EDT)
From: Louis Mamakos <louie@TransSys.COM>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: ru@FreeBSD.org
Subject: ports/65242: ports net/tcpmssd: option for tcpmssd to act on input and output packets
Message-ID: <200404060448.i364mhov023419@whizzo.transsys.com>
Resent-Message-ID: <200404060450.i364oCwJ066078@freefall.freebsd.org>
>Number: 65242
>Category: ports
>Synopsis: ports net/tcpmssd: option for tcpmssd to act on input and output packets
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 05 21:50:11 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Louis Mamakos
>Release: FreeBSD 4.9-STABLE i386
>Organization:
>Environment:
System: FreeBSD whizzo.transsys.com 4.9-STABLE FreeBSD 4.9-STABLE #15: Sun Mar 21 14:56:02 EST 2004 louie@whizzo.transsys.com:/a/obj/usr/src/sys/WHIZZO i386
FreeBSD 4-STABLE, using natd, ipfw, gif tunnels and the tcpmssd port
>Description:
Due to some unusual ipfw rules, it's not possible to divert packets to tcpmssd as they are transmitted on a network interface. This is because using the ipfw 'fwd' operation doesn't re-invoke the firewall on the packets as they are transmitted.
>How-To-Repeat:
>Fix:
Here's a patch to add an option to tcpmssd to cause it to act on packets in either direction.

--- tcpmssd.c.orig Mon Jul 17 13:57:24 2000 +++ tcpmssd.c Tue Apr 6 00:31:00 2004 @@ -51,6 +51,8 @@ static void usage(void); int verbose; +int both = 0; + char pidfilename[MAXPATHLEN]; /*- @@ -83,8 +85,11 @@ ifindex = 0; rtsock = -1; - while ((ch = getopt(argc, argv, "i:m:p:v")) != -1) + while ((ch = getopt(argc, argv, "bi:m:p:v")) != -1) switch (ch) { + case 'b': + both = 1; + break; case 'i': if (!(ifindex = if_mtu(optarg, &mtu))) { errx(1, "unknown interface %s", optarg); @@ -217,7 +222,7 @@ * TCP packets with zero fragment offset * and correct total and header lengths. */ - if (sin.sin_addr.s_addr == INADDR_ANY && + if ((both || sin.sin_addr.s_addr == INADDR_ANY) && pip->ip_p == IPPROTO_TCP && (ntohs(pip->ip_off) & IP_OFFMASK) == 0 && ntohs(pip->ip_len) == pktlen && --- tcpmssd.8.orig Tue Apr 6 00:31:14 2004 +++ tcpmssd.8 Tue Apr 6 00:34:07 2004
@@ -7,6 +7,7 @@ .Nd TCP Maximum Segment Size option corrector .Sh SYNOPSIS .Nm +.Op Fl b .Op Fl v .Fl p Ar port .Eo \&{ @@ -56,6 +57,14 @@ option or derived from a network interface specified with the .Fl i option. +.Pp +If run with the +.Fl b +option, +.Nm +will attempt to update the TCP MSS option on both input and output +TCP segments as delivered on the divert socket. By default, only +the outgoing segments are examined. .Pp If run with the .Fl v
>Release-Note:
>Audit-Trail:
>Unformatted:
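Review bot: `int both = 0;` in the `@@ -51,6 +51,8 @@` hunk of tcpmssd.c carries an explicit initialiser that the neighbouring `int verbose;` does not; file-scope ints are already zero, so drop the `= 0` to match the existing declaration. A name that says what is matched in both directions (input and output packets) would also read better at the test site than `both`.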
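Review bot: usage() is not updated for the new flag. The `@@ -83,8 +85,11 @@` hunk of tcpmssd.c adds `b` to the getopt string and the man page synopsis gains `.Op Fl b`, but no hunk in the patch touches usage(), so its message should be extended to list -b as well, keeping the program and tcpmssd.8 in agreement.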
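Review bot: With `both ||` in the `@@ -217,7 +222,7 @@` hunk of tcpmssd.c the `sin.sin_addr.s_addr == INADDR_ANY` direction test no longer gates the rewrite, so under -b the option-handling path runs on segments sent by remote hosts as well as on locally originated ones. The conditions visible in this hunk check only the protocol, the fragment offset and that `ip_len` equals `pktlen`; the code that walks the TCP options lies outside the hunk, so please confirm that it checks the TCP header length and each option length against the packet length before this path is opened to inbound traffic.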
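Review bot: The -b paragraph added in the `@@ -56,6 +57,14 @@` hunk of tcpmssd.8 does not say that the ipfw divert rule must also match inbound packets for the option to have any effect, nor that the same MSS limit is then applied to segments arriving from remote hosts. One sentence on each would keep an administrator from enabling -b without a matching rule, or without expecting inbound segments to be rewritten.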
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404060448.i364mhov023419>