network_cmds-115.2.tar.gz

diff --git a/alias/alias.c b/alias/alias.c
index fffcae238162f6d7fa9d05d3812a36f8fa0bc74c..561245a16caadc1490dc032a4bb06c2895e404ad 100644 (file)
--- a/alias/alias.c
+++ b/alias/alias.c
@@ -164,6 +164,9 @@
     TcpMonitorIn()  -- These routines monitor TCP connections, and
     TcpMonitorOut()    delete a link when a connection is closed.
 
     TcpMonitorIn()  -- These routines monitor TCP connections, and
     TcpMonitorOut()    delete a link when a connection is closed.
 

+       DoMSSClamp()    -- Clamps the MSS of the given TCP header to the
+                       value in packetAliasMSS.
+

 These routines look for SYN, FIN and RST flags to determine when TCP
 connections open and close.  When a TCP connection closes, the data
 structure containing packet aliasing information is deleted after
 These routines look for SYN, FIN and RST flags to determine when TCP
 connections open and close.  When a TCP connection closes, the data
 structure containing packet aliasing information is deleted after


@@ -176,6 +179,55 @@ static void TcpMonitorIn(struct ip *, struct alias_link *);
 static void TcpMonitorOut(struct ip *, struct alias_link *);
 
 
 static void TcpMonitorOut(struct ip *, struct alias_link *);
 
 

+static u_short packetAliasMSS;
+
+void PacketAliasClampMSS(u_short mss)
+{
+    packetAliasMSS = mss;
+}
+
+static void DoMSSClamp(struct tcphdr *tc)
+{
+    u_char *option    = (u_char *) tc + sizeof(*tc);
+    u_char *optionEnd = option + ((tc->th_off << 2) - sizeof(*tc));
+
+    while (optionEnd > option)
+    {
+        switch (option[0])
+        {
+            case TCPOPT_EOL:
+                option = optionEnd;
+                break;
+
+            case TCPOPT_NOP:
+                ++option;
+                break;
+
+            case TCPOPT_MAXSEG:
+                if (option[1] == 4)
+                {
+                    u_short *mssPtr = (u_short *) option + 1;
+                    u_short mssVal  = ntohs(*mssPtr);
+
+                    if (packetAliasMSS < mssVal)
+                    {
+                        int accumulate = mssVal;
+                        accumulate -= packetAliasMSS;
+                        *mssPtr = htons(packetAliasMSS);
+                        ADJUST_CHECKSUM(accumulate, tc->th_sum);
+                    }
+
+                    option = optionEnd;
+                }
+                break;
+
+            default:
+                option += option[1];
+                break;
+        }
+    }
+}
+

 static void
 TcpMonitorIn(struct ip *pip, struct alias_link *link)
 {
 static void
 TcpMonitorIn(struct ip *pip, struct alias_link *link)
 {


@@ -189,7 +241,12 @@ TcpMonitorIn(struct ip *pip, struct alias_link *link)
             if (tc->th_flags & TH_RST)
                 SetStateIn(link, ALIAS_TCP_STATE_DISCONNECTED);
             else if (tc->th_flags & TH_SYN)
             if (tc->th_flags & TH_RST)
                 SetStateIn(link, ALIAS_TCP_STATE_DISCONNECTED);
             else if (tc->th_flags & TH_SYN)

+            {

                 SetStateIn(link, ALIAS_TCP_STATE_CONNECTED);
                 SetStateIn(link, ALIAS_TCP_STATE_CONNECTED);

+
+                if (packetAliasMSS)
+                    DoMSSClamp(tc);
+            }

             break;
         case ALIAS_TCP_STATE_CONNECTED:
             if (tc->th_flags & (TH_FIN | TH_RST))
             break;
         case ALIAS_TCP_STATE_CONNECTED:
             if (tc->th_flags & (TH_FIN | TH_RST))


@@ -211,7 +268,12 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link)
             if (tc->th_flags & TH_RST)
                 SetStateOut(link, ALIAS_TCP_STATE_DISCONNECTED);
             else if (tc->th_flags & TH_SYN)
             if (tc->th_flags & TH_RST)
                 SetStateOut(link, ALIAS_TCP_STATE_DISCONNECTED);
             else if (tc->th_flags & TH_SYN)

+            {

                 SetStateOut(link, ALIAS_TCP_STATE_CONNECTED);
                 SetStateOut(link, ALIAS_TCP_STATE_CONNECTED);

+
+                if (packetAliasMSS)
+                    DoMSSClamp(tc);
+            }

             break;
         case ALIAS_TCP_STATE_CONNECTED:
             if (tc->th_flags & (TH_FIN | TH_RST))
             break;
         case ALIAS_TCP_STATE_CONNECTED:
             if (tc->th_flags & (TH_FIN | TH_RST))

diff --git a/alias/alias.h b/alias/alias.h
index 02d332d31bc57ac5b55f532d569505eaadff9e7d..a84dd6cbb7dea4b979040abfcd9ce76f241e3bd9 100644 (file)
--- a/alias/alias.h
+++ b/alias/alias.h
@@ -82,6 +82,9 @@ struct alias_link;
     PacketAliasSetFWBase(unsigned int, unsigned int);
 #endif
 
     PacketAliasSetFWBase(unsigned int, unsigned int);
 #endif
 

+    extern void
+    PacketAliasClampMSS(u_short mss);
+

 /* Packet Handling */
     extern int
     PacketAliasIn(char *, int maxpacketsize);
 /* Packet Handling */
     extern int
     PacketAliasIn(char *, int maxpacketsize);

diff --git a/natd.tproj/natd.8 b/natd.tproj/natd.8
index c6f8e8e490a6a7eedaee5196dfb6a39217a0dbf6..e3786fa5b8f149470005f4699f594c3f7253a217 100644 (file)
--- a/natd.tproj/natd.8
+++ b/natd.tproj/natd.8
@@ -1,5 +1,5 @@
 .\" manual page [] for natd 1.4
 .\" manual page [] for natd 1.4

-.\"    $Id: natd.8,v 1.4 2002/05/10 00:51:01 mscopp Exp $
+.\"    $Id: natd.8,v 1.4.32.1 2003/03/11 00:59:15 mscopp Exp $

 .Dd June 27, 2000
 .Os Darwin
 .Dt NATD 8
 .Dd June 27, 2000
 .Os Darwin
 .Dt NATD 8


@@ -32,6 +32,7 @@
 .Op Fl log_denied
 .Op Fl log_facility Ar facility_name
 .Op Fl punch_fw Ar firewall_range
 .Op Fl log_denied
 .Op Fl log_facility Ar facility_name
 .Op Fl punch_fw Ar firewall_range

+.Op Fl clamp_mss

 .Ek
 .Sh DESCRIPTION
 This program provides a Network Address Translation facility for use
 .Ek
 .Sh DESCRIPTION
 This program provides a Network Address Translation facility for use


@@ -460,6 +461,12 @@ rules starting from the rule number
 .Ar basenumber
 will be used for punching firewall holes.
 The range will be cleared for all rules on startup.
 .Ar basenumber
 will be used for punching firewall holes.
 The range will be cleared for all rules on startup.

+.It Fl clamp_mss Xo
+.Xc
+This option enables MSS clamping.  The MSS value is derived from the
+MTU of the interface specified in the
+.Fl interface
+option.

 .El
 .Sh RUNNING NATD
 The following steps are necessary before attempting to run
 .El
 .Sh RUNNING NATD
 The following steps are necessary before attempting to run

diff --git a/natd.tproj/natd.c b/natd.tproj/natd.c
index bea14a929c78b9603c3c1fce5c6422bfc299b63a..d6437672d216b5a7dc947bda7abc878a01469bd1 100644 (file)
--- a/natd.tproj/natd.c
+++ b/natd.tproj/natd.c
@@ -136,6 +136,7 @@ static      u_short                 outPort;
 static u_short                 inOutPort;
 static struct in_addr          aliasAddr;
 static         int                     dynamicMode;
 static u_short                 inOutPort;
 static struct in_addr          aliasAddr;
 static         int                     dynamicMode;

+static  int                    clampMSS;

 static  int                    ifMTU;
 static int                     aliasOverhead;
 static         int                     icmpSock;
 static  int                    ifMTU;
 static int                     aliasOverhead;
 static         int                     icmpSock;


@@ -199,9 +200,6 @@ int main (int argc, char** argv)
        if (aliasAddr.s_addr == INADDR_NONE && ifName == NULL)
                errx (1, "aliasing address not given");
 
        if (aliasAddr.s_addr == INADDR_NONE && ifName == NULL)
                errx (1, "aliasing address not given");
 

-       if (aliasAddr.s_addr != INADDR_NONE && ifName != NULL)
-               errx (1, "both alias address and interface "
-                        "name are not allowed");

 /*
  * Check that valid port number is known.
  */
 /*
  * Check that valid port number is known.
  */


@@ -784,6 +782,8 @@ SetAliasAddressFromIfName(const char *ifn)
                            strncmp(ifn, sdl->sdl_data, sdl->sdl_nlen) == 0) {
                                ifIndex = ifm->ifm_index;
                                ifMTU = ifm->ifm_data.ifi_mtu;
                            strncmp(ifn, sdl->sdl_data, sdl->sdl_nlen) == 0) {
                                ifIndex = ifm->ifm_index;
                                ifMTU = ifm->ifm_data.ifi_mtu;

+                               if (clampMSS)
+                                       PacketAliasClampMSS(ifMTU - sizeof(struct tcphdr) - sizeof(struct ip));

                                break;
                        }
                }
                                break;
                        }
                }


@@ -793,6 +793,7 @@ SetAliasAddressFromIfName(const char *ifn)
 /*
  * Get interface address.
  */
 /*
  * Get interface address.
  */

+       if (aliasAddr.s_addr == INADDR_NONE) {

        sin = NULL;
        while (next < lim) {
                ifam = (struct ifa_msghdr *)next;
        sin = NULL;
        while (next < lim) {
                ifam = (struct ifa_msghdr *)next;


@@ -828,6 +829,7 @@ SetAliasAddressFromIfName(const char *ifn)
        PacketAliasSetAddress(sin->sin_addr);
        syslog(LOG_INFO, "Aliasing to %s, mtu %d bytes",
               inet_ntoa(sin->sin_addr), ifMTU);
        PacketAliasSetAddress(sin->sin_addr);
        syslog(LOG_INFO, "Aliasing to %s, mtu %d bytes",
               inet_ntoa(sin->sin_addr), ifMTU);

+       }

 
        free(buf);
 }
 
        free(buf);
 }


@@ -888,6 +890,7 @@ enum Option {
        RedirectAddress,
        ConfigFile,
        DynamicMode,
        RedirectAddress,
        ConfigFile,
        DynamicMode,

+       ClampMSS,

        ProxyRule,
        LogDenied,
        LogFacility,
        ProxyRule,
        LogDenied,
        LogFacility,


@@ -997,6 +1000,14 @@ static struct OptionInfo optionTable[] = {
                "dynamic",
                NULL },
        
                "dynamic",
                NULL },
        

+       { ClampMSS,
+               0,
+               YesNo,
+               "[yes|no]",
+               "enable TCP MSS clamping",
+               "clamp_mss",
+               NULL },
+       

        { InPort,
                0,
                Service,
        { InPort,
                0,
                Service,


@@ -1219,6 +1230,10 @@ static void ParseOption (const char* option, const char* parms)
                dynamicMode = yesNoValue;
                break;
 
                dynamicMode = yesNoValue;
                break;
 

+       case ClampMSS:
+               clampMSS = yesNoValue;
+               break;
+

        case InPort:
                inPort = uNumValue;
                break;
        case InPort:
                inPort = uNumValue;
                break;

diff --git a/rlogin.tproj/krcmd.c b/rlogin.tproj/krcmd.c
index 51c5a66e61ca6eb200d31c9cce302081e1f8c73d..8f7710eeda95b3b198cc9bc86079af6652300c73 100644 (file)
--- a/rlogin.tproj/krcmd.c
+++ b/rlogin.tproj/krcmd.c
@@ -56,7 +56,7 @@
 
 
 /*
 
 
 /*

- *     $Source: /cvs/Darwin/src/live/network_cmds/rlogin.tproj/krcmd.c,v $
+ *     $Source: /cvs/root/network_cmds/rlogin.tproj/krcmd.c,v $

  *     $Header: /mit/kerberos/ucb/mit/kcmd/RCS/krcmd.c,v 5.1
  *             89/07/25 15:38:44 kfall Exp Locker: kfall $
  * static char *rcsid_kcmd_c =
  *     $Header: /mit/kerberos/ucb/mit/kcmd/RCS/krcmd.c,v 5.1
  *             89/07/25 15:38:44 kfall Exp Locker: kfall $
  * static char *rcsid_kcmd_c =

diff --git a/rsh.tproj/rsh.c b/rsh.tproj/rsh.c
index 8e290a297a7114414624822f1d7b93c11b063fdd..2e60f42c626dca752fcc03e93705890d4ba634fc 100644 (file)
--- a/rsh.tproj/rsh.c
+++ b/rsh.tproj/rsh.c
@@ -56,8 +56,8 @@
 
 
 /*
 
 
 /*

- * $Source: /cvs/Darwin/src/live/network_cmds/rsh.tproj/rsh.c,v $
- * $Header: /cvs/Darwin/src/live/network_cmds/rsh.tproj/rsh.c,v 1.1.1.1 1999/05/02 03:58:17 wsanchez Exp $
+ * $Source: /cvs/root/network_cmds/rsh.tproj/rsh.c,v $
+ * $Header: /cvs/root/network_cmds/rsh.tproj/rsh.c,v 1.1.1.1 1999/05/02 03:58:17 wsanchez Exp $

  */
 
 #include <sys/types.h>
  */
 
 #include <sys/types.h>