MFC r316435:

Add ipfw_pmod kernel module. The module is designed for modification of a packets of any protocols. For now it implements only TCP MSS modification. It adds the external action handler for "tcp-setmss" action. A rule with tcp-setmss action does additional check for protocol and TCP flags. If SYN flag is present, it parses TCP options and modifies MSS option if its value is greater than configured value in the rule. Then it adjustes TCP checksum if needed. After handling the search continues with the next rule. Obtained from: Yandex LLC Relnotes: yes Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D10150
author: ae <ae@FreeBSD.org> 2017-04-17 09:42:05 +0000
committer: ae <ae@FreeBSD.org> 2017-04-17 09:42:05 +0000
commit: fed97f3094ee0c71bc2ae864dce888257108122c (patch)
tree: 183af123a8e5234f5555cf59f3154a14ffa856ae /sys/conf/options
parent: 93c66f329a5c7a8161ceef873184cc5c7b69431c (diff)
download: FreeBSD-src-fed97f3094ee0c71bc2ae864dce888257108122c.zip
FreeBSD-src-fed97f3094ee0c71bc2ae864dce888257108122c.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/conf/options b/sys/conf/options
index 04697a6..f52b390 100644
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -424,6 +424,7 @@ IPFIREWALL_NAT64_DIRECT_OUTPUT	opt_ipfw.h
 IPFIREWALL_NPTV6	opt_ipfw.h
 IPFIREWALL_VERBOSE	opt_ipfw.h
 IPFIREWALL_VERBOSE_LIMIT	opt_ipfw.h
+IPFIREWALL_PMOD		opt_ipfw.h
 IPSEC			opt_ipsec.h
 IPSEC_DEBUG		opt_ipsec.h
 IPSEC_SUPPORT		opt_ipsec.h
author	ae <ae@FreeBSD.org>	2017-04-17 09:42:05 +0000
committer	ae <ae@FreeBSD.org>	2017-04-17 09:42:05 +0000
commit	fed97f3094ee0c71bc2ae864dce888257108122c (patch)
tree	183af123a8e5234f5555cf59f3154a14ffa856ae /sys/conf/options
parent	93c66f329a5c7a8161ceef873184cc5c7b69431c (diff)
download	FreeBSD-src-fed97f3094ee0c71bc2ae864dce888257108122c.zip FreeBSD-src-fed97f3094ee0c71bc2ae864dce888257108122c.tar.gz