From nobody Wed Nov 09 16:04:20 2022
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4N6qXh42YNz4dBVB;
	Wed,  9 Nov 2022 16:04:20 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4N6qXh3WS3z4Ns8;
	Wed,  9 Nov 2022 16:04:20 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1668009860;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qxZ26n3dNpPvZBkhPUcb1ivwCF+BofEyjjUs88hrVCc=;
	b=TOm8x95qvINcB7L6DhLv374jC17NlLPkHPklfLxsjES6545/X7zuvg+5y0yWd4nStkika6
	i7ts7cq+GeVnSKRUb7iOJ5/5QjxDWyzhLsAFsfAiF8af8s3Xw7fvsiXzZDCYoDlzI2irsc
	maGw8ksXa2Fn3c5KxvmdqXGWVTl7sgYXVz/6AGuM78sP60GYpg2UvMs0OJsLgL2Kl40GyN
	qFRQmjVKsLULa15dbrI2PT690BlzXOF+lylUeutXaVhjDwPlKXKMfCqHwdv+IE4chuUhVF
	ApMX7v8z1zaTdp71X6ZmfSUuJq7pI3Ooqnh5g8dLBW2bv12J5Qz8wkpJ8DdtvQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1668009860;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qxZ26n3dNpPvZBkhPUcb1ivwCF+BofEyjjUs88hrVCc=;
	b=Fiq/ixBiieCxMAXHwSZpSBsM4d7Y7gaDd3mOHqjkfe7ui8Y56VCDJW2MNh79JxtY08PM5X
	jToX7I0I9p8chE7qxBltwdXwEFl7G236XohCAicb8aqOQ88eHIKaqAlSMqKv1OCtkC4afr
	GoRmfdabgoYPc/gmkBNqVIVv3vJGQUVQv4zsHa23GVlGYKTC8IgG6IQwLga3Go3aI43hGv
	CNDmnSbnvV3fEVbuaxU9OLKAN4hAxHIrbDMzzGwAgGR2JuHoz0GYJYz2lXVgh828nz6cMG
	7s4nvanvyN4mKbm/OfSi5rNqJb29Dadt8d9ikuBT3bWqkf8UEeGV37tU8H0tGg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1668009860; a=rsa-sha256; cv=none;
	b=RzHPU6JxLAudpudejG2Fd9TcFJ/Ehe+X59Zpc4iJtqgZ6WY9sPFNhXN0nE0np+IVD3WhUn
	fM9BdUUfT1TlDwJ1o6qmL1ONg2TS9Yw1tZNhfMwLjW+tAQry6+tTnYr8hNwaD/O2oFGQAy
	d65UdU9iDGuTomRTCXBYlCQ69OwR3ewKRDcerJ3ONC6rv3UqNxLddre+tzNq2175Hf/0q6
	+Ex2irW9R4WBlFbWofCyydrKr08Myxgkdx/G+0JHskLktOk9vjy9wo4UuUP2tUjQdVok0v
	+cdL+rVs0NWmjYI53J0AOVShcxEHpR7q1mbXclahPoVrd3N0LdbRJRsKl8XFyA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4N6qXh2c74zS9p;
	Wed,  9 Nov 2022 16:04:20 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2A9G4KFd086283;
	Wed, 9 Nov 2022 16:04:20 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2A9G4KsS086282;
	Wed, 9 Nov 2022 16:04:20 GMT
	(envelope-from git)
Date: Wed, 9 Nov 2022 16:04:20 GMT
Message-Id: <202211091604.2A9G4KsS086282@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Richard Scheffenegger <rscheff@FreeBSD.org>
Subject: git: 0b00b801493a - main - ipfw: Have NAT steal the TH_RES1 bit, instead of the TH_AE bit
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rscheff
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 0b00b801493aa1d4996b0891ea58fbef343f85df
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by rscheff:

URL: https://cgit.FreeBSD.org/src/commit/?id=0b00b801493aa1d4996b0891ea58fbef343f85df

commit 0b00b801493aa1d4996b0891ea58fbef343f85df
Author:     Richard Scheffenegger <rscheff@FreeBSD.org>
AuthorDate: 2022-11-09 09:54:34 +0000
Commit:     Richard Scheffenegger <rscheff@FreeBSD.org>
CommitDate: 2022-11-09 10:19:19 +0000

    ipfw: Have NAT steal the TH_RES1 bit, instead of the TH_AE bit
    
    The NAT module use of the tcphdr.th_x2 field now collides with the
    use of this TCP header flag as AccECN (AE) bit. Use the topmost
    bit instead to allow negotiation of AccECN across a NAT device.
    
    Event:                  IETF 115 Hackathon
    Reviewed By:            #transport, tuexen
    MFC after:              3 days
    Sponsored by:           NetApp, Inc.
    Differential Revision:  https://reviews.freebsd.org/D37300
---
 sys/netinet/libalias/alias_ftp.c    | 2 +-
 sys/netinet/libalias/alias_irc.c    | 2 +-
 sys/netinet/libalias/alias_proxy.c  | 2 +-
 sys/netinet/libalias/alias_skinny.c | 6 +++---
 sys/netinet/libalias/alias_smedia.c | 4 ++--
 sys/netinet/tcp.h                   | 3 +++
 sys/netpfil/ipfw/ip_fw_nat.c        | 4 ++--
 7 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/sys/netinet/libalias/alias_ftp.c b/sys/netinet/libalias/alias_ftp.c
index 962194ec0a68..b2fcfbf2396b 100644
--- a/sys/netinet/libalias/alias_ftp.c
+++ b/sys/netinet/libalias/alias_ftp.c
@@ -754,7 +754,7 @@ NewFtpMessage(struct libalias *la, struct ip *pip,
 		/* Compute TCP checksum for revised packet */
 		tc->th_sum = 0;
 #ifdef _KERNEL
-		tc->th_x2 = 1;
+		tc->th_x2 = (TH_RES1 >> 8);
 #else
 		tc->th_sum = TcpChecksum(pip);
 #endif
diff --git a/sys/netinet/libalias/alias_irc.c b/sys/netinet/libalias/alias_irc.c
index 32e831742048..524b70b0632c 100644
--- a/sys/netinet/libalias/alias_irc.c
+++ b/sys/netinet/libalias/alias_irc.c
@@ -458,7 +458,7 @@ AliasHandleIrcOut(struct libalias *la,
 		/* Compute TCP checksum for revised packet */
 		tc->th_sum = 0;
 #ifdef _KERNEL
-		tc->th_x2 = 1;
+		tc->th_x2 = (TH_RES1 >> 8);
 #else
 		tc->th_sum = TcpChecksum(pip);
 #endif
diff --git a/sys/netinet/libalias/alias_proxy.c b/sys/netinet/libalias/alias_proxy.c
index 9b75b22a74b3..7efab1fdc8db 100644
--- a/sys/netinet/libalias/alias_proxy.c
+++ b/sys/netinet/libalias/alias_proxy.c
@@ -368,7 +368,7 @@ ProxyEncodeTcpStream(struct alias_link *lnk,
 
 	tc->th_sum = 0;
 #ifdef _KERNEL
-	tc->th_x2 = 1;
+	tc->th_x2 = (TH_RES1 >> 8);
 #else
 	tc->th_sum = TcpChecksum(pip);
 #endif
diff --git a/sys/netinet/libalias/alias_skinny.c b/sys/netinet/libalias/alias_skinny.c
index 8c933ba74b4a..70b3a29ddb40 100644
--- a/sys/netinet/libalias/alias_skinny.c
+++ b/sys/netinet/libalias/alias_skinny.c
@@ -216,7 +216,7 @@ alias_skinny_reg_msg(struct RegisterMessage *reg_msg, struct ip *pip,
 
 	tc->th_sum = 0;
 #ifdef _KERNEL
-	tc->th_x2 = 1;
+	tc->th_x2 = (TH_RES1 >> 8);
 #else
 	tc->th_sum = TcpChecksum(pip);
 #endif
@@ -259,7 +259,7 @@ alias_skinny_port_msg(struct IpPortMessage *port_msg, struct ip *pip,
 
 	tc->th_sum = 0;
 #ifdef _KERNEL
-	tc->th_x2 = 1;
+	tc->th_x2 = (TH_RES1 >> 8);
 #else
 	tc->th_sum = TcpChecksum(pip);
 #endif
@@ -289,7 +289,7 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opn
 
 	tc->th_sum = 0;
 #ifdef _KERNEL
-	tc->th_x2 = 1;
+	tc->th_x2 = (TH_RES1 >> 8);
 #else
 	tc->th_sum = TcpChecksum(pip);
 #endif
diff --git a/sys/netinet/libalias/alias_smedia.c b/sys/netinet/libalias/alias_smedia.c
index 9b5a9d673ecf..c09c8e0c6d77 100644
--- a/sys/netinet/libalias/alias_smedia.c
+++ b/sys/netinet/libalias/alias_smedia.c
@@ -404,7 +404,7 @@ alias_rtsp_out(struct libalias *la, struct ip *pip,
 
 	tc->th_sum = 0;
 #ifdef _KERNEL
-	tc->th_x2 = 1;
+	tc->th_x2 = (TH_RES1 >> 8);
 #else
 	tc->th_sum = TcpChecksum(pip);
 #endif
@@ -451,7 +451,7 @@ alias_pna_out(struct libalias *la, struct ip *pip,
 				/* Compute TCP checksum for revised packet */
 				tc->th_sum = 0;
 #ifdef _KERNEL
-				tc->th_x2 = 1;
+				tc->th_x2 = (TH_RES1 >> 8);
 #else
 				tc->th_sum = TcpChecksum(pip);
 #endif
diff --git a/sys/netinet/tcp.h b/sys/netinet/tcp.h
index aa7f73f8be3c..371bb88b9b17 100644
--- a/sys/netinet/tcp.h
+++ b/sys/netinet/tcp.h
@@ -72,6 +72,9 @@ struct tcphdr {
 #define	TH_ECE	0x40
 #define	TH_CWR	0x80
 #define	TH_AE	0x100			/* maps into th_x2 */
+#define	TH_RES3	0x200
+#define	TH_RES2	0x400
+#define	TH_RES1	0x800
 #define	TH_FLAGS	(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG|TH_ECE|TH_CWR)
 #define	PRINT_TH_FLAGS	"\20\1FIN\2SYN\3RST\4PUSH\5ACK\6URG\7ECE\10CWR\11AE"
 
diff --git a/sys/netpfil/ipfw/ip_fw_nat.c b/sys/netpfil/ipfw/ip_fw_nat.c
index d7b31c29d4ec..4dfe45494e2c 100644
--- a/sys/netpfil/ipfw/ip_fw_nat.c
+++ b/sys/netpfil/ipfw/ip_fw_nat.c
@@ -418,7 +418,7 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
 		struct tcphdr 	*th;
 
 		th = (struct tcphdr *)(ip + 1);
-		if (th->th_x2)
+		if (th->th_x2 & (TH_RES1 >> 8))
 			ldt = 1;
 	}
 
@@ -438,7 +438,7 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
 			 * Maybe it was set in
 			 * libalias...
 			 */
-			th->th_x2 = 0;
+			th->th_x2 &= ~(TH_RES1 >> 8);
 			th->th_sum = cksum;
 			mcl->m_pkthdr.csum_data =
 			    offsetof(struct tcphdr, th_sum);