From e8164ddc8204b626c1144a0a504754bf6622c6fd Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti
Date: Thu, 2 Oct 2014 20:46:23 +0900
Subject: [PATCH] Fix MSS clamping.
http://ag/553410 added an iptables chain and rule to do MSS clamping for tethered clients, but did not add the chain to any other chains, so the rule had no effect. Fix this by adding the chain to the proper forwarding chains. Also rename some of the new variables and constants so they are more consistent with the previous code.
Bug: 17552732
Bug: 17727533
Change-Id: I9fcae31de5c0283d7d9f1dac989de84f77c5e53c
---
 server/CommandListener.cpp | 6 ++++++
 server/NatController.cpp | 6 ++----
 server/NatController.h | 1 +
 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/server/CommandListener.cpp b/server/CommandListener.cpp
index c1acb16..e2d2308 100644
--- a/server/CommandListener.cpp
+++ b/server/CommandListener.cpp
@@ -132,6 +132,11 @@ static const char* MANGLE_POSTROUTING[] = {
 NULL,
 };
+static const char* MANGLE_FORWARD[] = {
+ NatController::LOCAL_MANGLE_FORWARD,
+ NULL,
+};
+
 static const char* NAT_PREROUTING[] = {
 OEM_IPTABLES_NAT_PREROUTING,
 NULL,
@@ -217,6 +222,7 @@ CommandListener::CommandListener() :
 createChildChains(V4V6, "filter", "OUTPUT", FILTER_OUTPUT);
 createChildChains(V4V6, "raw", "PREROUTING", RAW_PREROUTING);
 createChildChains(V4V6, "mangle", "POSTROUTING", MANGLE_POSTROUTING);
+ createChildChains(V4, "mangle", "FORWARD", MANGLE_FORWARD);
 createChildChains(V4, "nat", "PREROUTING", NAT_PREROUTING);
 createChildChains(V4, "nat", "POSTROUTING", NAT_POSTROUTING);
diff --git a/server/NatController.cpp b/server/NatController.cpp
index d9a779c..e66d971 100644
--- a/server/NatController.cpp
+++ b/server/NatController.cpp
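Review bot: The new `createChildChains(V4, "mangle", "FORWARD", MANGLE_FORWARD);` call in the CommandListener constructor hunk hooks natctrl_mangle_FORWARD for IPv4 only and unconditionally, and nothing at the call site says why. The TCPMSS rule that NatController.cpp appends to this chain has no interface match, so once hooked it appears to clamp every forwarded IPv4 TCP SYN rather than only tethered clients as the description puts it, and forwarded IPv6 traffic gets no clamp. If that is intended, a comment above the call would record it, for example `// natctrl_mangle_FORWARD carries NatController's TCPMSS clamp; v4 only because the rule is installed with IPTABLES_PATH.` The constructor body starts and ends outside the hunk.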
@@ -36,6 +36,7 @@
 #include "RouteController.h"
 const char* NatController::LOCAL_FORWARD = "natctrl_FORWARD";
+const char* NatController::LOCAL_MANGLE_FORWARD = "natctrl_mangle_FORWARD";
 const char* NatController::LOCAL_NAT_POSTROUTING = "natctrl_nat_POSTROUTING";
 const char* NatController::LOCAL_TETHER_COUNTERS_CHAIN = "natctrl_tether_counters";
@@ -97,10 +98,7 @@ int NatController::setupIptablesHooks() {
 {{IPTABLES_PATH, "-F", LOCAL_TETHER_COUNTERS_CHAIN,}, 0},
 {{IPTABLES_PATH, "-X", LOCAL_TETHER_COUNTERS_CHAIN,}, 0},
 {{IPTABLES_PATH, "-N", LOCAL_TETHER_COUNTERS_CHAIN,}, 1},
- {{IPTABLES_PATH, "-t", "mangle", "-F", LOCAL_FORWARD,}, 0},
- {{IPTABLES_PATH, "-t", "mangle", "-X", LOCAL_FORWARD,}, 0},
- {{IPTABLES_PATH, "-t", "mangle", "-N", LOCAL_FORWARD,}, 1},
- {{IPTABLES_PATH, "-t", "mangle", "-A", LOCAL_FORWARD, "-p", "tcp", "--tcp-flags",
+ {{IPTABLES_PATH, "-t", "mangle", "-A", LOCAL_MANGLE_FORWARD, "-p", "tcp", "--tcp-flags",
 "SYN", "SYN", "-j", "TCPMSS", "--clamp-mss-to-pmtu"}, 0},
 };
 for (unsigned int cmdNum = 0; cmdNum < ARRAY_SIZE(defaultCommands); cmdNum++) {
diff --git a/server/NatController.h b/server/NatController.h
index 9102f46..f23bf84 100644
--- a/server/NatController.h
+++ b/server/NatController.h
@@ -31,6 +31,7 @@ public:
 int setupIptablesHooks();
 static const char* LOCAL_FORWARD;
+ static const char* LOCAL_MANGLE_FORWARD;
 static const char* LOCAL_NAT_POSTROUTING;
 static const char* LOCAL_TETHER_COUNTERS_CHAIN;
--
2.11.0
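Review bot: In the setupIptablesHooks hunk of NatController.cpp, the TCPMSS rule is now appended with `-A` to a chain this function no longer creates or flushes, so it relies on CommandListener's createChildChains having set up natctrl_mangle_FORWARD first. The entry keeps `0` as its second field, the same value as the best-effort `-F`/`-X` entries, where the `-N` entries use `1`; if that field decides whether a failure is reported (the struct definition is not in the hunk), a missing chain or an unavailable TCPMSS target would fail silently, which is the symptom this commit is fixing. Consider ending the entry with `"SYN", "SYN", "-j", "TCPMSS", "--clamp-mss-to-pmtu"}, 1},` or logging the failure, and add a comment such as `// Chain is created and hooked into mangle FORWARD by CommandListener.` Without a flush, a second call to this function against a live chain would also duplicate the rule, unless createChildChains clears it, which is not visible here. The function body extends outside the hunk.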