2 * mss_clamp_node.c - Node implementing TCP MSS clamping
4 * Copyright (c) 2018 Cisco and/or its affiliates
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 #include <vlib/vlib.h>
18 #include <vnet/vnet.h>
19 #include <vnet/pg/pg.h>
20 #include <vppinfra/error.h>
21 #include <mss_clamp/mss_clamp.h>
22 #include <mss_clamp/mss_clamp.api_enum.h>
23 #include <vnet/fib/fib_types.h>
24 #include <vnet/feature/feature.h>
25 #include <vnet/ip/ip4.h>
26 #include <vnet/ip/ip6.h>
27 #include <vnet/tcp/tcp_packet.h>
29 extern vlib_node_registration_t mssc_ip4_in_node, mssc_ip4_out_node;
30 extern vlib_node_registration_t mssc_ip6_in_node, mssc_ip6_out_node;
32 typedef struct mssc_trace_t_
38 /* packet trace format function */
40 format_mssc_trace (u8 *s, va_list *args)
42 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
43 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
44 mssc_trace_t *t = va_arg (*args, mssc_trace_t *);
46 s = format (s, "max mss: %d clamped: %d", t->max_mss, t->clamped);
57 * fixup the maximum segment size if it's a syn packet
58 * return 1 if the mss was changed otherwise 0
61 mssc_mss_fixup (vlib_buffer_t *b0, tcp_header_t *tcp0, u16 max_mss0)
65 if (PREDICT_FALSE (tcp_syn (tcp0)))
67 u8 opt_len, opts_len, kind;
71 opts_len = (tcp_doff (tcp0) << 2) - sizeof (tcp_header_t);
72 data = (const u8 *) (tcp0 + 1);
74 for (; opts_len > 0; opts_len -= opt_len, data += opt_len)
78 /* Get options length */
79 if (kind == TCP_OPTION_EOL)
81 else if (kind == TCP_OPTION_NOOP)
93 /* weird option length */
94 if (opt_len < 2 || opt_len > opts_len)
98 if (kind == TCP_OPTION_MSS)
100 mss0 = *(u16 *) (data + 2);
101 if (clib_net_to_host_u16 (mss0) > max_mss0)
103 new_mss0 = clib_host_to_net_u16 (max_mss0);
104 *((u16 *) (data + 2)) = new_mss0;
105 sum0 = tcp0->checksum;
106 sum0 = ip_csum_update (sum0, mss0, new_mss0, tcp_header_t,
108 tcp0->checksum = ip_csum_fold (sum0);
119 mssc_inline (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame,
120 vlib_dir_t dir, fib_protocol_t fproto)
122 mssc_main_t *cm = &mssc_main;
123 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
124 u16 nexts[VLIB_FRAME_SIZE], *next;
126 u32 pkts_clamped = 0;
128 from = vlib_frame_vector_args (frame);
129 n_left = frame->n_vectors;
133 vlib_get_buffers (vm, from, bufs, n_left);
137 u32 sw_if_index0, sw_if_index1;
139 u32 clamped0, clamped1;
141 /* Prefetch next iteration. */
143 vlib_prefetch_buffer_header (b[2], LOAD);
144 vlib_prefetch_buffer_header (b[3], LOAD);
145 vlib_prefetch_buffer_data (b[2], LOAD);
146 vlib_prefetch_buffer_data (b[3], LOAD);
149 sw_if_index0 = vnet_buffer (b[0])->sw_if_index[dir];
150 sw_if_index1 = vnet_buffer (b[1])->sw_if_index[dir];
151 clamped0 = clamped1 = 0;
153 /* speculatively enqueue b0 to the current next frame */
154 vnet_feature_next_u16 (&next[0], b[0]);
155 vnet_feature_next_u16 (&next[1], b[1]);
157 h0 = (u8 *) vlib_buffer_get_current (b[0]);
158 h1 = (u8 *) vlib_buffer_get_current (b[1]);
161 h0 += vnet_buffer (b[0])->ip.save_rewrite_length;
162 h1 += vnet_buffer (b[1])->ip.save_rewrite_length;
165 if (FIB_PROTOCOL_IP4 == fproto)
167 ip4_header_t *ip0 = (ip4_header_t *) h0;
168 ip4_header_t *ip1 = (ip4_header_t *) h1;
170 if (IP_PROTOCOL_TCP == ip0->protocol)
172 clamped0 = mssc_mss_fixup (b[0], ip4_next_header (ip0),
173 cm->max_mss4[sw_if_index0]);
175 if (IP_PROTOCOL_TCP == ip1->protocol)
177 clamped1 = mssc_mss_fixup (b[1], ip4_next_header (ip1),
178 cm->max_mss4[sw_if_index1]);
181 else if (FIB_PROTOCOL_IP6 == fproto)
183 ip6_header_t *ip0 = (ip6_header_t *) h0;
184 ip6_header_t *ip1 = (ip6_header_t *) h1;
186 ip6_ext_header_find (vm, b[0], ip0, IP_PROTOCOL_TCP, NULL);
188 ip6_ext_header_find (vm, b[1], ip1, IP_PROTOCOL_TCP, NULL);
191 clamped0 = mssc_mss_fixup (b[0], tcp0, cm->max_mss6[sw_if_index0]);
193 clamped1 = mssc_mss_fixup (b[1], tcp1, cm->max_mss6[sw_if_index1]);
196 pkts_clamped += clamped0 + clamped1;
198 if (PREDICT_FALSE (node->flags & VLIB_NODE_FLAG_TRACE))
200 if (b[0]->flags & VLIB_BUFFER_IS_TRACED)
204 t = vlib_add_trace (vm, node, b[0], sizeof (*t));
205 t->max_mss = (FIB_PROTOCOL_IP4 == fproto) ?
206 cm->max_mss4[sw_if_index0] :
207 cm->max_mss6[sw_if_index0];
208 t->clamped = clamped0;
210 if (b[1]->flags & VLIB_BUFFER_IS_TRACED)
214 t = vlib_add_trace (vm, node, b[1], sizeof (*t));
215 t->max_mss = (FIB_PROTOCOL_IP4 == fproto) ?
216 cm->max_mss4[sw_if_index1] :
217 cm->max_mss6[sw_if_index1];
218 t->clamped = clamped1;
233 sw_if_index0 = vnet_buffer (b[0])->sw_if_index[dir];
236 /* speculatively enqueue b0 to the current next frame */
237 vnet_feature_next_u16 (&next[0], b[0]);
239 h0 = (u8 *) vlib_buffer_get_current (b[0]);
241 h0 += vnet_buffer (b[0])->ip.save_rewrite_length;
243 if (FIB_PROTOCOL_IP4 == fproto)
245 ip4_header_t *ip0 = (ip4_header_t *) h0;
247 if (IP_PROTOCOL_TCP == ip0->protocol)
249 clamped0 = mssc_mss_fixup (b[0], ip4_next_header (ip0),
250 cm->max_mss4[sw_if_index0]);
253 else if (FIB_PROTOCOL_IP6 == fproto)
255 ip6_header_t *ip0 = (ip6_header_t *) h0;
257 ip6_ext_header_find (vm, b[0], ip0, IP_PROTOCOL_TCP, NULL);
260 clamped0 = mssc_mss_fixup (b[0], tcp0, cm->max_mss6[sw_if_index0]);
263 pkts_clamped += clamped0;
265 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) &&
266 (b[0]->flags & VLIB_BUFFER_IS_TRACED)))
270 t = vlib_add_trace (vm, node, b[0], sizeof (*t));
271 t->max_mss = (FIB_PROTOCOL_IP4 == fproto) ?
272 cm->max_mss4[sw_if_index0] :
273 cm->max_mss6[sw_if_index0];
274 t->clamped = clamped0;
282 vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
283 vlib_node_increment_counter (vm, node->node_index, MSS_CLAMP_ERROR_CLAMPED,
286 return frame->n_vectors;
290 mssc_ip4_in (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
292 return (mssc_inline (vm, node, frame, VLIB_RX, FIB_PROTOCOL_IP4));
296 mssc_ip4_out (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
298 return (mssc_inline (vm, node, frame, VLIB_TX, FIB_PROTOCOL_IP4));
302 mssc_ip6_in (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
304 return (mssc_inline (vm, node, frame, VLIB_RX, FIB_PROTOCOL_IP6));
308 mssc_ip6_out (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
310 return (mssc_inline (vm, node, frame, VLIB_TX, FIB_PROTOCOL_IP6));
313 VLIB_REGISTER_NODE (mssc_ip4_in_node) =
315 .function = mssc_ip4_in,
316 .name = "tcp-mss-clamping-ip4-in",
317 .vector_size = sizeof (u32),
318 .format_trace = format_mssc_trace,
319 .type = VLIB_NODE_TYPE_INTERNAL,
321 .n_errors = MSS_CLAMP_N_ERROR,
322 .error_counters = mss_clamp_error_counters,
324 .n_next_nodes = MSSC_N_NEXT,
326 [MSSC_NEXT_DROP] = "error-drop",
330 VLIB_REGISTER_NODE (mssc_ip4_out_node) =
332 .function = mssc_ip4_out,
333 .name = "tcp-mss-clamping-ip4-out",
334 .vector_size = sizeof (u32),
335 .format_trace = format_mssc_trace,
336 .type = VLIB_NODE_TYPE_INTERNAL,
338 .n_errors = MSS_CLAMP_N_ERROR,
339 .error_counters = mss_clamp_error_counters,
341 .n_next_nodes = MSSC_N_NEXT,
343 [MSSC_NEXT_DROP] = "error-drop",
347 VLIB_REGISTER_NODE (mssc_ip6_in_node) =
349 .function = mssc_ip6_in,
350 .name = "tcp-mss-clamping-ip6-in",
351 .vector_size = sizeof (u32),
352 .format_trace = format_mssc_trace,
353 .type = VLIB_NODE_TYPE_INTERNAL,
355 .n_errors = MSS_CLAMP_N_ERROR,
356 .error_counters = mss_clamp_error_counters,
358 .n_next_nodes = MSSC_N_NEXT,
360 [MSSC_NEXT_DROP] = "error-drop",
364 VLIB_REGISTER_NODE (mssc_ip6_out_node) =
366 .function = mssc_ip6_out,
367 .name = "tcp-mss-clamping-ip6-out",
368 .vector_size = sizeof (u32),
369 .format_trace = format_mssc_trace,
370 .type = VLIB_NODE_TYPE_INTERNAL,
372 .n_errors = MSS_CLAMP_N_ERROR,
373 .error_counters = mss_clamp_error_counters,
375 .n_next_nodes = MSSC_N_NEXT,
377 [MSSC_NEXT_DROP] = "error-drop",
381 VNET_FEATURE_INIT (mssc_ip4_in_feat, static) = {
382 .arc_name = "ip4-unicast",
383 .node_name = "tcp-mss-clamping-ip4-in",
384 .runs_after = VNET_FEATURES ("ip4-policer-classify"),
387 VNET_FEATURE_INIT (mssc_ip4_out_feat, static) = {
388 .arc_name = "ip4-output",
389 .node_name = "tcp-mss-clamping-ip4-out",
392 VNET_FEATURE_INIT (mssc_ip6_in_feat, static) = {
393 .arc_name = "ip6-unicast",
394 .node_name = "tcp-mss-clamping-ip6-in",
395 .runs_after = VNET_FEATURES ("ip6-policer-classify"),
398 VNET_FEATURE_INIT (mssc_ip6_out_feat, static) = {
399 .arc_name = "ip6-output",
400 .node_name = "tcp-mss-clamping-ip6-out",
404 * fd.io coding-style-patch-verification: ON
407 * eval: (c-set-style "gnu")