diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index 7dd4f5e4..20dd8bc0 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -467,6 +467,8 @@ char cellular_ifname[32]; #define SYSEVENT_MAPT_PSID_VALUE "mapt_psid_value" #define SYSEVENT_MAPT_PSID_LENGTH "mapt_psid_length" +#define MAPT_V4_MTU_SIZE 1472 + BOOL isMAPTSet(void); static int do_wan_nat_lan_clients_mapt(FILE *fp); static char mapt_ip_address[BUFLEN_32]; @@ -1078,6 +1080,10 @@ int do_mapt_rules_v6(FILE *filter_fp) return ret; } +int getMaptMssClampVal() +{ + return (MAPT_V4_MTU_SIZE - IPV4_TOTAL_HEADER_SIZE ); +} /* ========================================================================== HUB4 MAPT Feature @@ -1168,7 +1174,7 @@ int do_mapt_rules_v4(FILE *nat_fp, FILE *filter_fp, FILE *mangle_fp) #if defined(NAT46_KERNEL_SUPPORT) if (strcmp ( devicePartnerId, "sky-uk") == 0) { - fprintf(mangle_fp, "-A PREROUTING -i %s -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss %d\n", NAT46_INTERFACE, NAT46_CLAMP_MSS); + fprintf(mangle_fp, "-A PREROUTING -i %s -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss %d\n", NAT46_INTERFACE, getMaptMssClampVal()); } #endif 
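Review bot: `MAPT_V4_MTU_SIZE` in the @@ -467 hunk is a bare 1472 with no comment on how it was derived or which WAN MTU it assumes. `getMaptMssClampVal()` turns it into a fixed MSS of 1432 (1472 minus `IPV4_TOTAL_HEADER_SIZE`, 40), which does not follow the real path MTU. I would put a comment on the define, for example `/* IPv4 MTU assumed on the MAP-T (NAT46) path; the MSS clamp is this minus IPV4_TOTAL_HEADER_SIZE */`, and state there where 1472 comes from.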
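Review bot: `int getMaptMssClampVal()` in the @@ -1078 hunk declares an unspecified parameter list rather than no parameters, and it has external linkage although this commit adds no prototype to firewall.h. Every caller visible in the diff is in firewall.c, so `static int getMaptMssClampVal(void)` would fit unless another file is meant to call it. A one-line comment saying that it returns the TCP MSS written into the MAP-T TCPMSS rules would also help, since the name alone does not say which header sizes are subtracted.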
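Review bot: `NAT46_CLAMP_MSS` is left behind as a second clamp value once the `--set-mss` argument in the @@ -1168 hunk, and in the three rules of the @@ -1183 hunk, is taken from `getMaptMssClampVal()`. Its definition is not visible here, so I cannot tell whether the two values agree. If nothing else uses the macro it should be removed in this commit; if something still does, a comment next to it should say why that path keeps a different MSS. `do_mapt_rules_v4` starts and ends outside both hunks.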
@@ -1183,15 +1189,15 @@ int do_mapt_rules_v4(FILE *nat_fp, FILE *filter_fp, FILE *mangle_fp) /* UK MAPT Not connected MQTT broker. */ if (strcmp ( devicePartnerId, "sky-uk") == 0) { fprintf(mangle_fp, "-A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o %s -j TCPMSS --set-mss %d" - "\n", NAT46_INTERFACE, NAT46_CLAMP_MSS); + "\n", NAT46_INTERFACE, getMaptMssClampVal()); }else { // TCP MSS RULE - SKYH4-5123 - To improve IPv4 Downstream traffic performance - fprintf(mangle_fp, "-A FORWARD -p tcp --tcp-flags SYN,RST SYN -o %s -j TCPMSS --set-mss %d\n", NAT46_INTERFACE, NAT46_CLAMP_MSS); + fprintf(mangle_fp, "-A FORWARD -p tcp --tcp-flags SYN,RST SYN -o %s -j TCPMSS --set-mss %d\n", NAT46_INTERFACE, getMaptMssClampVal()); } #elif defined (FEATURE_SUPPORT_MAPT_NAT46) // RDKB-40515 - [MAP-T] Gw to NOC connectivity failure fprintf(mangle_fp, "-A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o %s -j TCPMSS --set-mss %d" - "\n", NAT46_INTERFACE, NAT46_CLAMP_MSS); + "\n", NAT46_INTERFACE, getMaptMssClampVal()); #endif if (mapt_config_ratio == 1) //config all { @@ -9976,8 +9982,18 @@ static int do_lan2wan_misc(FILE *filter_fp) static void do_add_TCP_MSS_rules(FILE *mangle_fp) { - fprintf(mangle_fp, "-I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n"); - fprintf(mangle_fp, "-I OUTPUT -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n"); + FIREWALL_DEBUG("Entering do_add_TCP_MSS_rules\n"); + if(isMAPTReady) + { + fprintf(mangle_fp, "-I FORWARD -o %s -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss %d\n", NAT46_INTERFACE, getMaptMssClampVal()); + fprintf(mangle_fp, "-I OUTPUT -o %s -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss %d\n", NAT46_INTERFACE, getMaptMssClampVal()); + } + else + { + fprintf(mangle_fp, "-I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n"); + fprintf(mangle_fp, "-I OUTPUT -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n"); + } + } /* 
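Review bot: When `isMAPTReady` is set, `do_add_TCP_MSS_rules` in the @@ -9976 hunk no longer emits the interface-independent `--clamp-mss-to-pmtu` rules. TCP SYNs leaving by any interface other than `NAT46_INTERFACE` then get no MSS clamping in FORWARD or OUTPUT, and the NAT46 path gets a fixed value instead of one that tracks the path MTU. If that is not intended, print the two `--clamp-mss-to-pmtu` rules unconditionally and keep only the `-o NAT46_INTERFACE ... --set-mss` pair inside `if (isMAPTReady)`; if it is intended, a comment in the function should say why the generic clamp is dropped. The function also uses `isMAPTReady`, `NAT46_INTERFACE` and `getMaptMssClampVal()` with no visible `#if`, while the firewall.h context suggests `isMAPTReady` is declared inside the `_HUB4_PRODUCT_REQ_` block, so builds without the MAP-T feature are worth confirming. `do_mapt_rules_v4` already appends a FORWARD `-o NAT46_INTERFACE` `--set-mss` rule in its non-sky-uk branch, so the inserted FORWARD rule may duplicate it.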
diff --git a/source/firewall/firewall.h b/source/firewall/firewall.h index a89ec934..783691e7 100644 --- a/source/firewall/firewall.h +++ b/source/firewall/firewall.h @@ -107,6 +107,9 @@ extern BOOL isMAPTReady; #endif //IHC_FEATURE_ENABLED #endif //_HUB4_PRODUCT_REQ_ +#define IPV4_TOTAL_HEADER_SIZE 40 +#define IPV6_TOTAL_HEADER_SIZE 60 + #define PORT_SCAN_CHECK_CHAIN "PORT_SCAN_CHK" #define PORT_SCAN_DROP_CHAIN "PORT_SCAN_DROP" diff --git a/source/firewall/firewall_ext.c b/source/firewall/firewall_ext.c index b603603b..a8874ca6 100644 --- a/source/firewall/firewall_ext.c +++ b/source/firewall/firewall_ext.c @@ -10,9 +10,6 @@ #include -#define IPV4_TOTAL_HEADER_SIZE 40 -#define IPV6_TOTAL_HEADER_SIZE 60 - #define MTU_SIZE 1500 #define PRIMARYLAN_L3NET "dmsb.MultiLAN.PrimaryLAN_l3net" #define HOMESECURITY_L3NET "dmsb.MultiLAN.HomeSecurity_l3net"
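Review bot: `IPV4_TOTAL_HEADER_SIZE` and `IPV6_TOTAL_HEADER_SIZE` become visible to every file that includes firewall.h, but they carry no comment on what they count. The values 40 and 60 look like the IP header plus a 20-byte TCP header without options, which the names do not say. I would add `/* IP header + TCP header without options; subtracted from an MTU to obtain the TCP MSS */` above the pair. firewall_ext.c drops its local copies in the same commit and so depends on including firewall.h; its include lines are not readable in this view, so that is worth checking.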