author | Lorenzo Colitti <lorenzo@google.com> | 2014-10-02 20:46:23 +0900 |
---|---|---|
committer | The Android Automerger <android-build@google.com> | 2014-10-02 22:38:14 -0700 |
commit | 7fbe67c74feec9fba35c592274ff25d1ca22ed57 (patch) | |
tree | d5fe6e47a14166be6d2d8d169c59649a43b11069 | |
parent | 7d704425c149e4d8d7bb4d98f35c60922fe2a229 (diff) | |
Fix MSS clamping.
http://ag/553410 added an iptables chain and rule to do MSS
clamping for tethered clients, but did not add the chain to any
other chains, so the rule had no effect.
Fix this by adding the chain to the proper forwarding chains.
Also rename some of the new variables and constants so they are
more consistent with the previous code.
Bug: 17552732
Bug: 17727533
Change-Id: I9fcae31de5c0283d7d9f1dac989de84f77c5e53c
-rw-r--r-- | server/CommandListener.cpp | 6 | ||||
-rw-r--r-- | server/NatController.cpp | 6 | ||||
-rw-r--r-- | server/NatController.h | 1 |
3 files changed, 9 insertions, 4 deletions
diff --git a/server/CommandListener.cpp b/server/CommandListener.cpp
index c1acb16c..e2d2308d 100644
--- a/server/CommandListener.cpp
+++ b/server/CommandListener.cpp
@@ -132,6 +132,11 @@ static const char* MANGLE_POSTROUTING[] = {
 NULL,
 };
+static const char* MANGLE_FORWARD[] = {
+ NatController::LOCAL_MANGLE_FORWARD,
+ NULL,
+};
+
 static const char* NAT_PREROUTING[] = {
 OEM_IPTABLES_NAT_PREROUTING,
 NULL,
@@ -217,6 +222,7 @@ CommandListener::CommandListener() :
 createChildChains(V4V6, "filter", "OUTPUT", FILTER_OUTPUT);
 createChildChains(V4V6, "raw", "PREROUTING", RAW_PREROUTING);
 createChildChains(V4V6, "mangle", "POSTROUTING", MANGLE_POSTROUTING);
+ createChildChains(V4, "mangle", "FORWARD", MANGLE_FORWARD);
 createChildChains(V4, "nat", "PREROUTING", NAT_PREROUTING);
 createChildChains(V4, "nat", "POSTROUTING", NAT_POSTROUTING);
diff --git a/server/NatController.cpp b/server/NatController.cpp
index d9a779ca..e66d9715 100644
--- a/server/NatController.cpp
+++ b/server/NatController.cpp
@@ -36,6 +36,7 @@
 #include "RouteController.h"
 const char* NatController::LOCAL_FORWARD = "natctrl_FORWARD";
+const char* NatController::LOCAL_MANGLE_FORWARD = "natctrl_mangle_FORWARD";
 const char* NatController::LOCAL_NAT_POSTROUTING = "natctrl_nat_POSTROUTING";
 const char* NatController::LOCAL_TETHER_COUNTERS_CHAIN = "natctrl_tether_counters";
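Review bot: In server/CommandListener.cpp the new `createChildChains(V4, "mangle", "FORWARD", MANGLE_FORWARD);` hooks the clamp chain for IPv4 only, while the mangle POSTROUTING hook just above it uses V4V6, and nothing at the call site records why. The rule that fills this chain is appended in NatController::setupIptablesHooks with IPTABLES_PATH, which looks like the IPv4 binary, so V4 is presumably deliberate, but a reader comparing the two mangle lines cannot tell. I would add a comment above the call, for example `// V4 only: NatController appends the TCPMSS clamp rule via IPTABLES_PATH; forwarded IPv6 TCP is not clamped.` The constructor body starts and ends outside the hunk, so whether an IPv6 path exists elsewhere cannot be checked from here.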
@@ -97,10 +98,7 @@ int NatController::setupIptablesHooks() {
 {{IPTABLES_PATH, "-F", LOCAL_TETHER_COUNTERS_CHAIN,}, 0},
 {{IPTABLES_PATH, "-X", LOCAL_TETHER_COUNTERS_CHAIN,}, 0},
 {{IPTABLES_PATH, "-N", LOCAL_TETHER_COUNTERS_CHAIN,}, 1},
- {{IPTABLES_PATH, "-t", "mangle", "-F", LOCAL_FORWARD,}, 0},
- {{IPTABLES_PATH, "-t", "mangle", "-X", LOCAL_FORWARD,}, 0},
- {{IPTABLES_PATH, "-t", "mangle", "-N", LOCAL_FORWARD,}, 1},
- {{IPTABLES_PATH, "-t", "mangle", "-A", LOCAL_FORWARD, "-p", "tcp", "--tcp-flags",
+ {{IPTABLES_PATH, "-t", "mangle", "-A", LOCAL_MANGLE_FORWARD, "-p", "tcp", "--tcp-flags",
 "SYN", "SYN", "-j", "TCPMSS", "--clamp-mss-to-pmtu"}, 0},
 };
 for (unsigned int cmdNum = 0; cmdNum < ARRAY_SIZE(defaultCommands); cmdNum++) {
diff --git a/server/NatController.h b/server/NatController.h
index 9102f469..f23bf84c 100644
--- a/server/NatController.h
+++ b/server/NatController.h
@@ -31,6 +31,7 @@ public:
 int setupIptablesHooks();
 static const char* LOCAL_FORWARD;
+ static const char* LOCAL_MANGLE_FORWARD;
 static const char* LOCAL_NAT_POSTROUTING;
 static const char* LOCAL_TETHER_COUNTERS_CHAIN; |
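Review bot: In NatController::setupIptablesHooks the `-A LOCAL_MANGLE_FORWARD` entry keeps `0` as its second field, although with the `-F`/`-X`/`-N` entries removed it now relies on the chain having been created elsewhere. If that field is the check-result flag, as the `1` on the `-N` entry suggests, a failed append is ignored and MSS clamping is silently absent again, which is the failure this commit sets out to fix. I would end the entry with `"SYN", "SYN", "-j", "TCPMSS", "--clamp-mss-to-pmtu"}, 1},` and add a comment above it such as `// natctrl_mangle_FORWARD is created by createChildChains() in CommandListener, which must run first.` Separately, unless createChildChains flushes the chain, a second call to this function would append a duplicate clamp rule now that the `-F` is gone. The function body starts and ends outside the hunk, so the call order cannot be confirmed from here.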