[NETFILTER]: add IPv6-capable TCPMSS target (cdd289a2) · Commits · 戴 / test

include/linux/netfilter/Kbuild

+1 −0

Original line number	Diff line number	Diff line
		@@ -33,6 +33,7 @@ header-y += xt_tcpmss.h
		header-y += xt_tcpudp.h
		header-y += xt_SECMARK.h
		header-y += xt_CONNSECMARK.h
		header-y += xt_TCPMSS.h

		unifdef-y += nf_conntrack_common.h
		unifdef-y += nf_conntrack_ftp.h

0 → 100644

+10 −0

Original line number	Diff line number	Diff line
		#ifndef _XT_TCPMSS_H
		#define _XT_TCPMSS_H

		struct xt_tcpmss_info {
		u_int16_t mss;
		};

		#define XT_TCPMSS_CLAMP_PMTU 0xffff

		#endif /* _XT_TCPMSS_H */

+3 −4

Original line number	Diff line number	Diff line
		#ifndef _IPT_TCPMSS_H
		#define _IPT_TCPMSS_H

		struct ipt_tcpmss_info {
		u_int16_t mss;
		};
		#include <linux/netfilter/xt_TCPMSS.h>

		#define IPT_TCPMSS_CLAMP_PMTU 0xffff
		#define ipt_tcpmss_info xt_tcpmss_info
		#define IPT_TCPMSS_CLAMP_PMTU XT_TCPMSS_CLAMP_PMTU

		#endif /_IPT_TCPMSS_H/

+0 −26

Original line number	Diff line number	Diff line
		@@ -361,32 +361,6 @@ config IP_NF_TARGET_ULOG

		To compile it as a module, choose M here. If unsure, say N.

		config IP_NF_TARGET_TCPMSS
		tristate "TCPMSS target support"
		depends on IP_NF_IPTABLES
		---help---
		This option adds a `TCPMSS' target, which allows you to alter the
		MSS value of TCP SYN packets, to control the maximum size for that
		connection (usually limiting it to your outgoing interface's MTU
		minus 40).

		This is used to overcome criminally braindead ISPs or servers which
		block ICMP Fragmentation Needed packets. The symptoms of this
		problem are that everything works fine from your Linux
		firewall/router, but machines behind it can never exchange large
		packets:
		1) Web browsers connect, then hang with no data received.
		2) Small mail works fine, but large emails hang.
		3) ssh works fine, but scp hangs after initial handshaking.

		Workaround: activate this option and add a rule to your firewall
		configuration like:

		iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
		-j TCPMSS --clamp-mss-to-pmtu

		To compile it as a module, choose M here. If unsure, say N.

		# NAT + specific targets: ip_conntrack
		config IP_NF_NAT
		tristate "Full NAT"

+0 −1

Original line number	Diff line number	Diff line
		@@ -103,7 +103,6 @@ obj-$(CONFIG_IP_NF_TARGET_SAME) += ipt_SAME.o
		obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o
		obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
		obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
		obj-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS.o
		obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
		obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o