From 285dd90c37dedf44b18d9a1720124e5eb1bbc622 Mon Sep 17 00:00:00 2001 From: Apple Date: Tue, 11 Mar 2003 03:40:55 +0000 Subject: [PATCH] network_cmds-115.2.tar.gz --- alias/alias.c | 62 ++++++++++++++++++++++++++++++++++++++++++++ alias/alias.h | 3 +++ natd.tproj/natd.8 | 9 ++++++- natd.tproj/natd.c | 21 ++++++++++++--- rlogin.tproj/krcmd.c | 2 +- rsh.tproj/rsh.c | 4 +-- 6 files changed, 94 insertions(+), 7 deletions(-) diff --git a/alias/alias.c b/alias/alias.c index fffcae2..561245a 100644 --- a/alias/alias.c +++ b/alias/alias.c @@ -164,6 +164,9 @@ TcpMonitorIn() -- These routines monitor TCP connections, and TcpMonitorOut() delete a link when a connection is closed. + DoMSSClamp() -- Clamps the MSS of the given TCP header to the + value in packetAliasMSS. + These routines look for SYN, FIN and RST flags to determine when TCP connections open and close. When a TCP connection closes, the data structure containing packet aliasing information is deleted after 
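Review bot: The new DoMSSClamp() line in this header comment is less precise than the implementation that follows in the next hunk: the option is rewritten only when the advertised MSS is larger than packetAliasMSS, and the function is reached only for SYN segments from TcpMonitorIn()/TcpMonitorOut() and only when PacketAliasClampMSS() has set a non-zero value. Suggest `DoMSSClamp() -- Lowers the MSS option of a SYN segment to packetAliasMSS when the advertised value is larger; called from TcpMonitorIn()/TcpMonitorOut() only when a clamp value has been set.` in place of the two added lines. The surrounding block comment starts and ends outside this hunk.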
@@ -176,6 +179,55 @@ static void TcpMonitorIn(struct ip *, struct alias_link *); static void TcpMonitorOut(struct ip *, struct alias_link *); +static u_short packetAliasMSS; + +void PacketAliasClampMSS(u_short mss) +{ + packetAliasMSS = mss; +} + +static void DoMSSClamp(struct tcphdr *tc) +{ + u_char *option = (u_char *) tc + sizeof(*tc); + u_char *optionEnd = option + ((tc->th_off << 2) - sizeof(*tc)); + + while (optionEnd > option) + { + switch (option[0]) + { + case TCPOPT_EOL: + option = optionEnd; + break; + + case TCPOPT_NOP: + ++option; + break; + + case TCPOPT_MAXSEG: + if (option[1] == 4) + { + u_short *mssPtr = (u_short *) option + 1; + u_short mssVal = ntohs(*mssPtr); + + if (packetAliasMSS < mssVal) + { + int accumulate = mssVal; + accumulate -= packetAliasMSS; + *mssPtr = htons(packetAliasMSS); + ADJUST_CHECKSUM(accumulate, tc->th_sum); + } + + option = optionEnd; + } + break; + + default: + option += option[1]; + break; + } + } +} + static void TcpMonitorIn(struct ip *pip, struct alias_link *link) { @@ -189,7 +241,12 @@ TcpMonitorIn(struct ip *pip, struct alias_link *link) if (tc->th_flags & TH_RST) SetStateIn(link, ALIAS_TCP_STATE_DISCONNECTED); else if (tc->th_flags & TH_SYN) + { SetStateIn(link, ALIAS_TCP_STATE_CONNECTED); + + if (packetAliasMSS) + DoMSSClamp(tc); + } break; case ALIAS_TCP_STATE_CONNECTED: if (tc->th_flags & (TH_FIN | TH_RST)) @@ -211,7 +268,12 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link) if (tc->th_flags & TH_RST) SetStateOut(link, ALIAS_TCP_STATE_DISCONNECTED); else if (tc->th_flags & TH_SYN) + { SetStateOut(link, ALIAS_TCP_STATE_CONNECTED); + + if (packetAliasMSS) + DoMSSClamp(tc); + } break; case ALIAS_TCP_STATE_CONNECTED: if (tc->th_flags & (TH_FIN | TH_RST)) diff --git a/alias/alias.h b/alias/alias.h index 02d332d..a84dd6c 100644 --- a/alias/alias.h +++ b/alias/alias.h 
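Review bot: DoMSSClamp() can loop forever on a malformed SYN: in the `default:` case `option += option[1];` does not advance when the length byte is 0, and in the `TCPOPT_MAXSEG` case a length byte other than 4 leaves `option` untouched before `break`, so `while (optionEnd > option)` never terminates. The length byte is also read without checking that it lies inside the option area, and `(tc->th_off << 2) - sizeof(*tc)` is evaluated in size_t, so a th_off below 5 wraps to an enormous option range unless a caller outside this hunk has already validated th_off. Because this runs on every SYN that natd translates, one bad packet stalls the daemon; the loop should check the header length first, require a length byte that is present, at least 2 and within the remaining option bytes, and stop on anything that does not fit. Reading the MSS through `(u_short *) option + 1` also assumes 2-byte alignment that a single preceding NOP does not guarantee; copying the two bytes with memcpy (from string.h, if alias.c does not already include it) avoids that.
```c
static void DoMSSClamp(struct tcphdr *tc)
{
    u_char *option = (u_char *) tc + sizeof(*tc);
    u_char *optionEnd;
    int hdrLen = tc->th_off << 2;

    /* A data offset below the fixed header size leaves no option area. */
    if (hdrLen <= (int) sizeof(*tc))
        return;
    optionEnd = (u_char *) tc + hdrLen;

    while (option < optionEnd)
    {
        u_char len;

        if (option[0] == TCPOPT_EOL)
            break;
        if (option[0] == TCPOPT_NOP)
        {
            ++option;
            continue;
        }
        /* Every other option carries a length byte; it must be present, >= 2 and fit. */
        if (optionEnd - option < 2)
            break;
        len = option[1];
        if (len < 2 || len > optionEnd - option)
            break;
        if (option[0] == TCPOPT_MAXSEG && len == 4)
        {
            u_short mssVal;

            memcpy(&mssVal, option + 2, sizeof mssVal);
            mssVal = ntohs(mssVal);
            if (packetAliasMSS < mssVal)
            {
                int accumulate = mssVal - packetAliasMSS;   /* old - new, as ADJUST_CHECKSUM expects */
                u_short clamped = htons(packetAliasMSS);

                memcpy(option + 2, &clamped, sizeof clamped);
                ADJUST_CHECKSUM(accumulate, tc->th_sum);
            }
            break;
        }
        option += len;
    }
}
```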
@@ -82,6 +82,9 @@ struct alias_link; PacketAliasSetFWBase(unsigned int, unsigned int); #endif + extern void + PacketAliasClampMSS(u_short mss); + /* Packet Handling */ extern int PacketAliasIn(char *, int maxpacketsize); diff --git a/natd.tproj/natd.8 b/natd.tproj/natd.8 index c6f8e8e..e3786fa 100644 --- a/natd.tproj/natd.8 +++ b/natd.tproj/natd.8 @@ -1,5 +1,5 @@ .\" manual page [] for natd 1.4 -.\" $Id: natd.8,v 1.4 2002/05/10 00:51:01 mscopp Exp $ +.\" $Id: natd.8,v 1.4.32.1 2003/03/11 00:59:15 mscopp Exp $ .Dd June 27, 2000 .Os Darwin .Dt NATD 8 @@ -32,6 +32,7 @@ .Op Fl log_denied .Op Fl log_facility Ar facility_name .Op Fl punch_fw Ar firewall_range +.Op Fl clamp_mss .Ek .Sh DESCRIPTION This program provides a Network Address Translation facility for use @@ -460,6 +461,12 @@ rules starting from the rule number .Ar basenumber will be used for punching firewall holes. The range will be cleared for all rules on startup. +.It Fl clamp_mss Xo +.Xc +This option enables MSS clamping. The MSS value is derived from the +MTU of the interface specified in the +.Fl interface +option. .El .Sh RUNNING NATD The following steps are necessary before attempting to run diff --git a/natd.tproj/natd.c b/natd.tproj/natd.c index bea14a9..d643767 100644 --- a/natd.tproj/natd.c +++ b/natd.tproj/natd.c @@ -136,6 +136,7 @@ static u_short outPort; static u_short inOutPort; static struct in_addr aliasAddr; static int dynamicMode; +static int clampMSS; static int ifMTU; static int aliasOverhead; static int icmpSock; @@ -199,9 +200,6 @@ int main (int argc, char** argv) if (aliasAddr.s_addr == INADDR_NONE && ifName == NULL) errx (1, "aliasing address not given"); - if (aliasAddr.s_addr != INADDR_NONE && ifName != NULL) - errx (1, "both alias address and interface " - "name are not allowed"); /* * Check that valid port number is known. */ 
@@ -784,6 +782,8 @@ SetAliasAddressFromIfName(const char *ifn) strncmp(ifn, sdl->sdl_data, sdl->sdl_nlen) == 0) { ifIndex = ifm->ifm_index; ifMTU = ifm->ifm_data.ifi_mtu; + if (clampMSS) + PacketAliasClampMSS(ifMTU - sizeof(struct tcphdr) - sizeof(struct ip)); break; } } @@ -793,6 +793,7 @@ SetAliasAddressFromIfName(const char *ifn) /* * Get interface address. */ + if (aliasAddr.s_addr == INADDR_NONE) { sin = NULL; while (next < lim) { ifam = (struct ifa_msghdr *)next; @@ -828,6 +829,7 @@ SetAliasAddressFromIfName(const char *ifn) PacketAliasSetAddress(sin->sin_addr); syslog(LOG_INFO, "Aliasing to %s, mtu %d bytes", inet_ntoa(sin->sin_addr), ifMTU); + } free(buf); } @@ -888,6 +890,7 @@ enum Option { RedirectAddress, ConfigFile, DynamicMode, + ClampMSS, ProxyRule, LogDenied, LogFacility, @@ -997,6 +1000,14 @@ static struct OptionInfo optionTable[] = { "dynamic", NULL }, + { ClampMSS, + 0, + YesNo, + "[yes|no]", + "enable TCP MSS clamping", + "clamp_mss", + NULL }, + { InPort, 0, Service, @@ -1219,6 +1230,10 @@ static void ParseOption (const char* option, const char* parms) dynamicMode = yesNoValue; break; + case ClampMSS: + clampMSS = yesNoValue; + break; + case InPort: inPort = uNumValue; break; diff --git a/rlogin.tproj/krcmd.c b/rlogin.tproj/krcmd.c index 51c5a66..8f7710e 100644 --- a/rlogin.tproj/krcmd.c +++ b/rlogin.tproj/krcmd.c @@ -56,7 +56,7 @@ /* - * $Source: /cvs/Darwin/src/live/network_cmds/rlogin.tproj/krcmd.c,v $ + * $Source: /cvs/root/network_cmds/rlogin.tproj/krcmd.c,v $ * $Header: /mit/kerberos/ucb/mit/kcmd/RCS/krcmd.c,v 5.1 * 89/07/25 15:38:44 kfall Exp Locker: kfall $ * static char *rcsid_kcmd_c = diff --git a/rsh.tproj/rsh.c b/rsh.tproj/rsh.c index 8e290a2..2e60f42 100644 --- a/rsh.tproj/rsh.c +++ b/rsh.tproj/rsh.c 
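Review bot: `PacketAliasClampMSS(ifMTU - sizeof(struct tcphdr) - sizeof(struct ip));` performs the subtraction in size_t because ifMTU is int and sizeof is unsigned, then narrows the result to the u_short parameter, so an interface reporting an MTU below 40 bytes silently yields a large wrapped clamp value instead of an error. Compute it signed and reject non-positive results: `int mss = ifMTU - (int)(sizeof(struct tcphdr) + sizeof(struct ip));` followed by `if (mss > 0) PacketAliasClampMSS((u_short) mss);` with a syslog warning otherwise. Within this patch this is the only call that sets the clamp value, so clamp_mss appears to have no effect unless an interface name is given; the natd.8 hunk documents that dependency, but a warning when clampMSS is set and ifName is NULL would make it visible at runtime. SetAliasAddressFromIfName() starts and ends outside this hunk.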
@@ -56,8 +56,8 @@ /* - * $Source: /cvs/Darwin/src/live/network_cmds/rsh.tproj/rsh.c,v $ - * $Header: /cvs/Darwin/src/live/network_cmds/rsh.tproj/rsh.c,v 1.1.1.1 1999/05/02 03:58:17 wsanchez Exp $ + * $Source: /cvs/root/network_cmds/rsh.tproj/rsh.c,v $ + * $Header: /cvs/root/network_cmds/rsh.tproj/rsh.c,v 1.1.1.1 1999/05/02 03:58:17 wsanchez Exp $ */ #include -- 2.45.2