ports/65242: ports net/tcpmssd: option for tcpmssd to act on input and output packets

Tue Apr 6 04:50:46 UTC 2004

>Number:         65242
>Category:       ports
>Synopsis:       ports net/tcpmssd: option for tcpmssd to act on input and output packets
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 05 21:50:11 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Louis Mamakos
>Release:        FreeBSD 4.9-STABLE i386
>Organization:
>Environment:
System: FreeBSD whizzo.transsys.com 4.9-STABLE FreeBSD 4.9-STABLE #15: Sun Mar 21 14:56:02 EST 2004 louie at whizzo.transsys.com:/a/obj/usr/src/sys/WHIZZO i386


FreeBSD 4-STABLE, using natd, ipfw, gif tunnels and the tcpmssd port

>Description:

Due to some unusual ipfw rules, it's not possible to divert packets to tcpmssd as
they are transmitted on a network interface.  This is because using the ipfw
'fwd' operation doesn't re-invoke the firewall on the packets as they are 
transmitted.

>How-To-Repeat:


>Fix:

Here's a patch to add an option to tcpmssd to cause it to act on packets in either direction.

--- tcpmssd.c.orig	Mon Jul 17 13:57:24 2000
+++ tcpmssd.c	Tue Apr  6 00:31:00 2004
@@ -51,6 +51,8 @@
 static void usage(void);
 
 int verbose;
+int both = 0;
+
 char pidfilename[MAXPATHLEN];
 
 /*-
@@ -83,8 +85,11 @@
 	ifindex = 0;
 	rtsock = -1;
 
-	while ((ch = getopt(argc, argv, "i:m:p:v")) != -1)
+	while ((ch = getopt(argc, argv, "bi:m:p:v")) != -1)
 		switch (ch) {
+		case 'b':
+			both = 1;
+			break;
 		case 'i':
 			if (!(ifindex = if_mtu(optarg, &mtu))) {
 				errx(1, "unknown interface %s", optarg);
@@ -217,7 +222,7 @@
 			 * TCP packets with zero fragment offset
 			 * and correct total and header lengths.
 			 */
-			if (sin.sin_addr.s_addr == INADDR_ANY &&
+			if ((both || sin.sin_addr.s_addr == INADDR_ANY) &&
 			    pip->ip_p == IPPROTO_TCP &&
 			    (ntohs(pip->ip_off) & IP_OFFMASK) == 0 &&
 			    ntohs(pip->ip_len) == pktlen &&
--- tcpmssd.8.orig	Tue Apr  6 00:31:14 2004
+++ tcpmssd.8	Tue Apr  6 00:34:07 2004
@@ -7,6 +7,7 @@
 .Nd TCP Maximum Segment Size option corrector
 .Sh SYNOPSIS
 .Nm
+.Op Fl b
 .Op Fl v
 .Fl p Ar port
 .Eo \&{
@@ -56,6 +57,14 @@
 option or derived from a network interface specified with the
 .Fl i
 option.
+.Pp
+If run with the
+.Fl b
+option,
+.Nm
+will attempt to update the TCP MSS option on both input and output
+TCP segments as delivered on the divert socket.  By default, only
+the outgoing segments are examined.
 .Pp
 If run with the
 .Fl v



>Release-Note:
>Audit-Trail:
>Unformatted:

