*** /home/xtang/src/ip_fil3.4.23/ip_nat.c	Tue Jan  1 22:40:24 2002
--- ./ip_nat.c	Tue Feb  5 11:35:10 2002
***************
*** 2462,2467 ****
--- 2465,2506 ----
  				 */
  				if (nat->nat_age == fr_tcpclosed)
  					nat->nat_age = fr_tcplastack;
+ #ifdef MSS_CLAMPING
+ 				/*
+ 				 * Do a MSS CLAMPING on a SYN packet, only deal IPv4 for now.
+ 				 */
+ 				if ((tcp->th_flags & TH_SYN) != 0)
+ 				{
+ 					int hlen = tcp->th_off << 2;
+ 					if (hlen > sizeof(*tcp)) {
+ 						uint8_t *cp = (uint8_t *)tcp + sizeof(*tcp);
+ 						uint32_t opt, mss, newmss, sumd;
+ 						
+ 						newmss = ifp->if_mtu - sizeof(struct ip) - sizeof(*tcp);
+ 						while (hlen > 0) {
+ 							opt = *cp++;
+ 							switch(opt) {
+ 							  case TCPOPT_MAXSEG:
+ 								++cp;
+ 								mss = (uint32_t)ntohs(*(short *)cp);
+ 								if (mss > newmss) {
+ 									*(short *)cp = htons((short)(newmss));
+ 									CALC_SUMD(mss, newmss, sumd);
+ 									fix_outcksum(fin, csump, sumd);
+ 								}
+ 								hlen = 0;
+ 								break;
+ 							  case TCPOPT_EOL:
+ 							  case TCPOPT_NOP:
+ 								hlen--;
+ 							  default:
+ 								hlen -= *cp;
+ 								cp += *cp - 2;
+ 							}
+ 						}
+ 					}
+ 				}
+ #endif
  				MUTEX_EXIT(&nat->nat_lock);
  			} else if (fin->fin_p == IPPROTO_UDP) {
  				udphdr_t *udp = (udphdr_t *)tcp;