# HG changeset patch
# Parent 7f4d0666d9627248b57464816ba881247ebfad6c
Clamp MSS to fix broken fragmentation.

diff --git a/native/tether/tetherStartStop.cpp b/native/tether/tetherStartStop.cpp
--- a/native/tether/tetherStartStop.cpp
+++ b/native/tether/tetherStartStop.cpp
@@ -13,6 +13,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/syscall.h>
+#include <sys/wait.h>
 
 char NETWORK[20];
 char GATEWAY[20];
@@ -158,12 +159,22 @@
 		returncode = system("/data/data/android.tether.usb/bin/iptables -t nat -F");
 	}
 	if (returncode == 0) {
+		returncode = system("/data/data/android.tether.usb/bin/iptables -t mangle -F");
+		if (returncode != -1 && WIFEXITED(returncode) && WEXITSTATUS(returncode) == 3)
+			returncode = 0;
+	}
+	if (returncode == 0) {
 		returncode = system("/data/data/android.tether.usb/bin/iptables -X");
 	}
 	if (returncode == 0) {
 		returncode = system("/data/data/android.tether.usb/bin/iptables -t nat -X");
 	}
 	if (returncode == 0) {
+		returncode = system("/data/data/android.tether.usb/bin/iptables -t mangle -X");
+		if (returncode != -1 && WIFEXITED(returncode) && WEXITSTATUS(returncode) == 3)
+			returncode = 0;
+	}
+	if (returncode == 0) {
 		returncode = system("/data/data/android.tether.usb/bin/iptables -P FORWARD ACCEPT");
 	}
 	writelog(returncode,(char *)"Tearing down firewall rules");
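Review bot: The `WEXITSTATUS(returncode) == 3` exception on both new mangle steps is unexplained, and the same three lines recur in the later hunks (the `-F -t mangle` flush and the TCPMSS rule). A comment such as `/* exit status 3: assumed to mean the mangle table is unavailable on this kernel; non-fatal (confirm against the bundled iptables) */` would record why this one status is swallowed, and a small static helper would keep the four copies from drifting apart. Any other non-zero result from the `-t mangle -F` step now skips the remaining `-X`, `-t nat -X` and `-P FORWARD ACCEPT` steps, so a failure in an optional table can leave the filter and nat state behind after teardown. Consider running the mangle cleanup without gating the rest of the teardown on it. The enclosing function starts outside the hunk.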
@@ -177,6 +188,11 @@
 		returncode = system("/data/data/android.tether.usb/bin/iptables -F -t nat");
 	}
 	if (returncode == 0) {
+		returncode = system("/data/data/android.tether.usb/bin/iptables -F -t mangle");
+		if (returncode != -1 && WIFEXITED(returncode) && WEXITSTATUS(returncode) == 3)
+			returncode = 0;
+	}
+	if (returncode == 0) {
 		returncode = system("/data/data/android.tether.usb/bin/iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT");
 	}
 	if (returncode == 0) {
@@ -190,6 +206,12 @@
 		sprintf(command, "/data/data/android.tether.usb/bin/iptables -t nat -I POSTROUTING -s %s/30 -j MASQUERADE", NETWORK);
 		returncode = system(command);
 	}
+	if (returncode == 0) {
+		sprintf(command, "/data/data/android.tether.usb/bin/iptables -t mangle -I FORWARD -s %s/30 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu", NETWORK);
+		returncode = system(command);
+		if (returncode != -1 && WIFEXITED(returncode) && WEXITSTATUS(returncode) == 3)
+			returncode = 0;
+	}
 	writelog(returncode,(char *)"Setting up firewall rules");
 }
 
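Review bot: The new `sprintf(command, ...)` writes a considerably longer string than the MASQUERADE command above it, and `command` is declared outside the hunk, so confirm the buffer still holds the full command plus up to 19 bytes of `NETWORK`. If `command` is an array, `snprintf(command, sizeof command, ...)` with a truncation check would bound the write. `NETWORK` is also interpolated into a shell line run by `system()`, and where it is populated is not visible here, so it should be validated as a dotted-quad address before this point if that is not already done. When exit status 3 is mapped to 0, the `writelog` call reports success even though no MSS clamp was installed, which hides that the fix is inactive on that device. The function begins outside the hunk.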
