#include <vppinfra/hash.h>
#include <vppinfra/error.h>
#include <vppinfra/elog.h>
+#include <nat/lib/nat_inlines.h>
typedef struct
{
sum0 = ip_csum_update (sum0, old_port0, new_port0,
ip4_header_t /* cheat */ ,
length /* changed member */ );
- mss_clamping (sm, tcp0, &sum0);
+ mss_clamping (sm->mss_clamping, tcp0, &sum0);
tcp0->checksum = ip_csum_fold (sum0);
}
tcp_packets++;
sum1 = ip_csum_update (sum1, old_port1, new_port1,
ip4_header_t /* cheat */ ,
length /* changed member */ );
- mss_clamping (sm, tcp1, &sum1);
+ mss_clamping (sm->mss_clamping, tcp1, &sum1);
tcp1->checksum = ip_csum_fold (sum1);
}
tcp_packets++;
sum0 = ip_csum_update (sum0, old_port0, new_port0,
ip4_header_t /* cheat */ ,
length /* changed member */ );
- mss_clamping (sm, tcp0, &sum0);
+ mss_clamping (sm->mss_clamping, tcp0, &sum0);
tcp0->checksum = ip_csum_fold (sum0);
}
tcp_packets++;
sum0 = ip_csum_update (sum0, old_port0, new_port0,
ip4_header_t /* cheat */ ,
length /* changed member */ );
- mss_clamping (sm, tcp0, &sum0);
+ mss_clamping (sm->mss_clamping, tcp0, &sum0);
tcp0->checksum = ip_csum_fold (sum0);
}
else if (udp0->checksum)
sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
ip4_header_t,
dst_address /* changed member */ );
- mss_clamping (sm, tcp0, &sum0);
+ mss_clamping (sm->mss_clamping, tcp0, &sum0);
tcp0->checksum = ip_csum_fold (sum0);
}
else if (udp0->checksum)
#include <nat/nat_syslog.h>
#include <nat/nat_ha.h>
#include <nat/nat44/ed_inlines.h>
+#include <nat/lib/nat_inlines.h>
static char *nat_in2out_ed_error_strings[] = {
#define _(sym,string) string,
tcp0->dst_port = s0->ext_host_port;
ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32;
}
- mss_clamping (sm, tcp0, &sum0);
+ mss_clamping (sm->mss_clamping, tcp0, &sum0);
tcp0->checksum = ip_csum_fold (sum0);
}
tcp_packets++;
tcp0->dst_port = s0->ext_host_port;
ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32;
}
- mss_clamping (sm, tcp0, &sum0);
+ mss_clamping (sm->mss_clamping, tcp0, &sum0);
tcp0->checksum = ip_csum_fold (sum0);
}
tcp_packets++;
--- /dev/null
+/*
+ * Copyright (c) 2020 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <vnet/tcp/tcp_packet.h>
+#include <vnet/ip/ip4_packet.h>
+
+always_inline void
+mss_clamping (u16 mss_clamping, tcp_header_t * tcp, ip_csum_t * sum)
+{
+ u8 *data;
+ u8 opt_len, opts_len, kind;
+ u16 mss;
+
+ if (!(mss_clamping && tcp_syn (tcp)))
+ return;
+
+ opts_len = (tcp_doff (tcp) << 2) - sizeof (tcp_header_t);
+ data = (u8 *) (tcp + 1);
+ for (; opts_len > 0; opts_len -= opt_len, data += opt_len)
+ {
+ kind = data[0];
+
+ if (kind == TCP_OPTION_EOL)
+ break;
+ else if (kind == TCP_OPTION_NOOP)
+ {
+ opt_len = 1;
+ continue;
+ }
+ else
+ {
+ if (opts_len < 2)
+ return;
+ opt_len = data[1];
+
+ if (opt_len < 2 || opt_len > opts_len)
+ return;
+ }
+
+ if (kind == TCP_OPTION_MSS)
+ {
+ mss = *(u16 *) (data + 2);
+ if (clib_net_to_host_u16 (mss) > mss_clamping)
+ {
+ u16 mss_value_net = clib_host_to_net_u16(mss_clamping);
+ *sum =
+ ip_csum_update (*sum, mss, mss_value_net, ip4_header_t,
+ length);
+ clib_memcpy_fast (data + 2, &mss_value_net, 2);
+ }
+ return;
+ }
+ }
+}
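Review bot: The option walk in `mss_clamping` trusts the packet's own data offset: `opts_len = (tcp_doff (tcp) << 2) - sizeof (tcp_header_t)` is stored in a `u8`, so a SYN whose data offset is below 5 wraps to a large value, and the loop then reads, and through `clib_memcpy_fast` can write, past the real header. A guard ahead of the subtraction, `if ((tcp_doff (tcp) << 2) < sizeof (tcp_header_t)) return;`, closes that. The MSS branch also accepts any `opt_len` of 2 or more before touching the two bytes at `data + 2`, so `if (opt_len != 4) return;` belongs in front of the `*(u16 *) (data + 2)` read. The function takes no buffer length, so whether the declared options actually lie inside the packet depends on checks in the callers, which are outside this hunk. The new header also shows no include guard, which is worth adding now that several files include it.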
/* TCP MSS clamping */
u16 mss_clamping;
- u16 mss_value_net;
/* counters/gauges */
vlib_simple_counter_main_t total_users;
if (unformat (line_input, "disable"))
sm->mss_clamping = 0;
else if (unformat (line_input, "%d", &mss))
- {
- sm->mss_clamping = (u16) mss;
- sm->mss_value_net = clib_host_to_net_u16 (sm->mss_clamping);
- }
+ sm->mss_clamping = (u16) mss;
else
{
error = clib_error_return (0, "unknown input '%U'",
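Review bot: `sm->mss_clamping = (u16) mss;` stores whatever `%d` parsed with no range check, so a value such as 65536 would be truncated to 0 and silently switch clamping off; this assumes `mss` is a 32-bit integer, as its declaration is outside the hunk. A check such as `if (mss <= 0 || mss > 0xffff)` that returns an error before the cast would make out-of-range input visible to the operator instead of changing the feature state. The enclosing CLI handler starts and ends outside the hunk.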
#include <nat/nat_inlines.h>
#include <vnet/ip/ip6_to_ip4.h>
#include <vnet/fib/fib_table.h>
+#include <nat/lib/nat_inlines.h>
typedef struct
{
csum = ip_csum_add_even (csum, ip4->src_address.as_u32);
csum = ip_csum_sub_even (csum, sport);
csum = ip_csum_add_even (csum, udp->src_port);
- mss_clamping (nm->sm, tcp, &csum);
+ mss_clamping (nm->sm->mss_clamping, tcp, &csum);
tcp->checksum = ip_csum_fold (csum);
nat64_tcp_session_set_state (ste, tcp, 1);
int rv = 0;
if (mp->enable)
- {
- sm->mss_clamping = ntohs (mp->mss_value);
- sm->mss_value_net = mp->mss_value;
- }
+ sm->mss_clamping = ntohs (mp->mss_value);
else
sm->mss_clamping = 0;
#include <nat/nat.h>
#include <nat/nat_det.h>
#include <nat/nat_inlines.h>
+#include <nat/lib/nat_inlines.h>
typedef struct
{
sum0 = ip_csum_update (sum0, old_port0, new_port0,
ip4_header_t /* cheat */ ,
length /* changed member */ );
- mss_clamping (sm, tcp0, &sum0);
+ mss_clamping (sm->mss_clamping, tcp0, &sum0);
tcp0->checksum = ip_csum_fold (sum0);
}
else
sum1 = ip_csum_update (sum1, old_port1, new_port1,
ip4_header_t /* cheat */ ,
length /* changed member */ );
- mss_clamping (sm, tcp1, &sum1);
+ mss_clamping (sm->mss_clamping, tcp1, &sum1);
tcp1->checksum = ip_csum_fold (sum1);
}
else
sum0 = ip_csum_update (sum0, old_port0, new_port0,
ip4_header_t /* cheat */ ,
length /* changed member */ );
- mss_clamping (sm, tcp0, &sum0);
+ mss_clamping (sm->mss_clamping, tcp0, &sum0);
tcp0->checksum = ip_csum_fold (sum0);
}
else
return 0;
}
-always_inline void
-mss_clamping (snat_main_t * sm, tcp_header_t * tcp, ip_csum_t * sum)
-{
- u8 *data;
- u8 opt_len, opts_len, kind;
- u16 mss;
-
- if (!(sm->mss_clamping && tcp_syn (tcp)))
- return;
-
- opts_len = (tcp_doff (tcp) << 2) - sizeof (tcp_header_t);
- data = (u8 *) (tcp + 1);
- for (; opts_len > 0; opts_len -= opt_len, data += opt_len)
- {
- kind = data[0];
-
- if (kind == TCP_OPTION_EOL)
- break;
- else if (kind == TCP_OPTION_NOOP)
- {
- opt_len = 1;
- continue;
- }
- else
- {
- if (opts_len < 2)
- return;
- opt_len = data[1];
-
- if (opt_len < 2 || opt_len > opts_len)
- return;
- }
-
- if (kind == TCP_OPTION_MSS)
- {
- mss = *(u16 *) (data + 2);
- if (clib_net_to_host_u16 (mss) > sm->mss_clamping)
- {
- *sum =
- ip_csum_update (*sum, mss, sm->mss_value_net, ip4_header_t,
- length);
- clib_memcpy_fast (data + 2, &sm->mss_value_net, 2);
- }
- return;
- }
- }
-}
-
/**
* @brief Check if packet should be translated
*