Fix MSS clamping.

http://ag/553410 added an iptables chain and rule to do MSS
clamping for tethered clients, but did not add the chain to any
other chains, so the rule had no effect.

Fix this by adding the chain to the proper forwarding chains.
Also rename some of the new variables and constants so they are
more consistent with the previous code.

Bug: 17552732
Bug: 17727533
Change-Id: I9fcae31de5c0283d7d9f1dac989de84f77c5e53c

diff --git a/server/CommandListener.cpp b/server/CommandListener.cpp
index c1acb16..e2d2308 100644 (file)
--- a/server/CommandListener.cpp
+++ b/server/CommandListener.cpp
@@ -132,6 +132,11 @@ static const char* MANGLE_POSTROUTING[] = {
         NULL,
 };
 
+static const char* MANGLE_FORWARD[] = {
+        NatController::LOCAL_MANGLE_FORWARD,
+        NULL,
+};
+
 static const char* NAT_PREROUTING[] = {
         OEM_IPTABLES_NAT_PREROUTING,
         NULL,
@@ -217,6 +222,7 @@ CommandListener::CommandListener() :
     createChildChains(V4V6, "filter", "OUTPUT", FILTER_OUTPUT);
     createChildChains(V4V6, "raw", "PREROUTING", RAW_PREROUTING);
     createChildChains(V4V6, "mangle", "POSTROUTING", MANGLE_POSTROUTING);
+    createChildChains(V4, "mangle", "FORWARD", MANGLE_FORWARD);
     createChildChains(V4, "nat", "PREROUTING", NAT_PREROUTING);
     createChildChains(V4, "nat", "POSTROUTING", NAT_POSTROUTING);
 

diff --git a/server/NatController.cpp b/server/NatController.cpp
index d9a779c..e66d971 100644 (file)
--- a/server/NatController.cpp
+++ b/server/NatController.cpp
@@ -36,6 +36,7 @@
 #include "RouteController.h"
 
 const char* NatController::LOCAL_FORWARD = "natctrl_FORWARD";
+const char* NatController::LOCAL_MANGLE_FORWARD = "natctrl_mangle_FORWARD";
 const char* NatController::LOCAL_NAT_POSTROUTING = "natctrl_nat_POSTROUTING";
 const char* NatController::LOCAL_TETHER_COUNTERS_CHAIN = "natctrl_tether_counters";
 
@@ -97,10 +98,7 @@ int NatController::setupIptablesHooks() {
         {{IPTABLES_PATH, "-F", LOCAL_TETHER_COUNTERS_CHAIN,}, 0},
         {{IPTABLES_PATH, "-X", LOCAL_TETHER_COUNTERS_CHAIN,}, 0},
         {{IPTABLES_PATH, "-N", LOCAL_TETHER_COUNTERS_CHAIN,}, 1},
-        {{IPTABLES_PATH, "-t", "mangle", "-F", LOCAL_FORWARD,}, 0},
-        {{IPTABLES_PATH, "-t", "mangle", "-X", LOCAL_FORWARD,}, 0},
-        {{IPTABLES_PATH, "-t", "mangle", "-N", LOCAL_FORWARD,}, 1},
-        {{IPTABLES_PATH, "-t", "mangle", "-A", LOCAL_FORWARD, "-p", "tcp", "--tcp-flags",
+        {{IPTABLES_PATH, "-t", "mangle", "-A", LOCAL_MANGLE_FORWARD, "-p", "tcp", "--tcp-flags",
                 "SYN", "SYN", "-j", "TCPMSS", "--clamp-mss-to-pmtu"}, 0},
     };
     for (unsigned int cmdNum = 0; cmdNum < ARRAY_SIZE(defaultCommands); cmdNum++) {

diff --git a/server/NatController.h b/server/NatController.h
index 9102f46..f23bf84 100644 (file)
--- a/server/NatController.h
+++ b/server/NatController.h
@@ -31,6 +31,7 @@ public:
     int setupIptablesHooks();
 
     static const char* LOCAL_FORWARD;
+    static const char* LOCAL_MANGLE_FORWARD;
     static const char* LOCAL_NAT_POSTROUTING;
     static const char* LOCAL_TETHER_COUNTERS_CHAIN;