File "mtu.sh"
Full path: /www/wwwroot/fabriciovc.eti.br/downloads/scripts/ZeNiX_2014-01-11/html_php/iptables/mtu.sh
File size: 1.07 KiB (1091 bytes)
MIME-type: text/x-shellscript
Charset: utf-8
#!/bin/bash
# Objetivo: forca um MSS fixo para remediar o problema do Path MTU Discovery
IPTABLES=`which iptables`
#
function compute_mss() {
local MTU
local IP_HEADER_LENGTH
local ESP_HEADER_LENGTH
local AH_HEADER_LENGTH
local IPSEC_HEADER_LENGTH
local ENCRYPTION_HEADER_LENGTH
local SUBTOTAL_DATA_LENGTH
local DISCARDED_DATA_LENGTH
local DATA_LENGTH
MTU=$1
IP_HEADER_LENGTH=40
ESP_HEADER_LENGTH=8
AH_HEADER_LENGTH=12
IPSEC_HEADER_LENGTH=`echo "$ESP_HEADER_LENGTH + $AH_HEADER_LENGTH" | bc`
ENCRYPTION_HEADER_LENGTH=16 #CBC initial value
SUBTOTAL_DATA_LENGTH=`echo "$MTU - $IP_HEADER_LENGTH - $IPSEC_HEADER_LENGTH - $ENCRYPTION_HEADER_LENGTH" | bc`
DISCARDED_DATA_LENGTH=`echo "$SUBTOTAL_DATA_LENGTH % 16" | bc`
DATA_LENGTH=`echo "$SUBTOTAL_DATA_LENGTH - $DISCARDED_DATA_LENGTH" | bc`
MSS=$DATA_LENGTH
}
#
MSS=-1
MTU=1255
compute_mss $MTU
#echo $MTU
#
$IPTABLES -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $MSS
$IPTABLES -I OUTPUT 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $MSS