Package: shorewall
Version: 3.2.6-2
Shorewall does not process mss=<value> on an interface properly. It not only
decreases the MSS, but also increases it.
Consider this scenario:
        MTU 1500
A-----B--------\
                \ MTU 700
E---F---------G---H
        MTU 500 /
C-----D--------/
Router D adjusts the MSS to 460 and router F adjusts the MSS to 660.
If C initiates a TCP connection to H, then H gets an incorrect MSS of 660.
Maybe this patch is helpful; it prevents shorewall from increasing the MSS.
#! /bin/sh /usr/share/dpatch/dpatch-run
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad shorewall-3.4.2~/lib.config shorewall-3.4.2/lib.config
--- shorewall-3.4.2~/lib.config 2007-04-02 06:47:18.000000000 +0800
+++ shorewall-3.4.2/lib.config 2007-06-14 01:02:01.000000000 +0800
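Review bot: The patch is generated against shorewall-3.4.2/lib.config while the report is filed against version 3.2.6-2, so the hunk may not apply to the affected package without adjustment; state which version it was tested on. The dpatch header also still carries the placeholder `## DP: No description.`; replace it with a one-line summary such as "Only clamp MSS downwards: match SYNs whose MSS exceeds the configured value".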
@@ -427,7 +427,7 @@
if [ "$policy" != NONE ]; then
ensurechain $1
- run_iptables -I $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
--set-mss $2
+ run_iptables -I $1 -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss
$2:1500 -j TCPMSS --set-mss $2
fi
}
#
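Review bot: The added `-m tcpmss --mss $2:1500` hardcodes 1500 as the upper bound of the match range, so a SYN that advertises an MSS above 1500 (e.g. from a host on a jumbo-frame segment) is no longer clamped at all, which is exactly the case where clamping is most needed; and if the configured `$2` is itself greater than 1500 the range is inverted and iptables rejects the rule. Since the intent is "only lower the MSS", match everything strictly above the configured value instead, e.g. `-m tcpmss --mss $(($2 + 1)):65535`, and keep the `--set-mss $2` target unchanged.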