Date: Thu, 2 Feb 2023 00:04:15 GMT
Message-Id: <202302020004.31204FvA020536@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Michael Tuexen
Subject: git: 301bff9bdd62 - stable/13 - ppp: improve MSS clamping
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch stable/13 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=301bff9bdd628f27af7d0a6cda440b9525fde336

commit 301bff9bdd628f27af7d0a6cda440b9525fde336
Author: Michael Tuexen
AuthorDate: 2022-12-08 08:48:29 +0000
Commit: Michael Tuexen
CommitDate: 2023-02-02 00:03:50 +0000

    ppp: improve MSS clamping

    ppp supports MSS clamping for TCP/IPv4. This patch
    * improves MSS clamping for TCP/IPv4 by using the MSS as specified in RFC 6691.
    * adds support for MSS clamping for TCP/IPv6.

    Reported by: Timo Voelker
    Reviewed by: thj
    Differential Revision: https://reviews.freebsd.org/D37624

    (cherry picked from commit cef3c4e0bab8bd5e84ab8cfa2fa48a1e3dca5876)
--- usr.sbin/ppp/tcpmss.c | 76 +++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 62 insertions(+), 14 deletions(-) diff --git a/usr.sbin/ppp/tcpmss.c b/usr.sbin/ppp/tcpmss.c index 765668e9d137..cbf85dbf2a09 100644 --- a/usr.sbin/ppp/tcpmss.c +++ b/usr.sbin/ppp/tcpmss.c @@ -35,6 +35,9 @@ #include #include #include +#ifndef NOINET6 +#include +#endif #include #include 
@@ -69,10 +72,12 @@ /*- - * We are in a liberal position about MSS - * (RFC 879, section 7). + * Compute the MSS as described in RFC 6691. */ -#define MAXMSS(mtu) ((mtu) - sizeof(struct ip) - sizeof(struct tcphdr) - 12) +#define MAXMSS4(mtu) ((mtu) - sizeof(struct ip) - sizeof(struct tcphdr)) +#ifndef NOINET6 +#define MAXMSS6(mtu) ((mtu) - sizeof(struct ip6_hdr) - sizeof(struct tcphdr)) +#endif /*- @@ -146,6 +151,10 @@ static struct mbuf * tcpmss_Check(struct bundle *bundle, struct mbuf *bp) { struct ip *pip; +#ifndef NOINET6 + struct ip6_hdr *pip6; + struct ip6_frag *pfrag; +#endif size_t hlen, plen; if (!Enabled(bundle, OPT_TCPMSSFIXUP)) 
@@ -153,19 +162,58 @@ tcpmss_Check(struct bundle *bundle, struct mbuf *bp) bp = m_pullup(bp); plen = m_length(bp); + if (plen < sizeof(struct ip)) + return bp; pip = (struct ip *)MBUF_CTOP(bp); - hlen = pip->ip_hl << 2; - - /* - * Check for MSS option only for TCP packets with zero fragment offsets - * and correct total and header lengths. - */ - if (pip->ip_p == IPPROTO_TCP && (ntohs(pip->ip_off) & IP_OFFMASK) == 0 && - ntohs(pip->ip_len) == plen && hlen <= plen && - plen >= sizeof(struct tcphdr) + hlen) - MSSFixup((struct tcphdr *)(MBUF_CTOP(bp) + hlen), plen - hlen, - MAXMSS(bundle->iface->mtu)); + switch (pip->ip_v) { + case IPVERSION: + /* + * Check for MSS option only for TCP packets with zero fragment offsets + * and correct total and header lengths. + */ + hlen = pip->ip_hl << 2; + if (pip->ip_p == IPPROTO_TCP && (ntohs(pip->ip_off) & IP_OFFMASK) == 0 && + ntohs(pip->ip_len) == plen && hlen <= plen && + plen >= sizeof(struct tcphdr) + hlen) + MSSFixup((struct tcphdr *)(MBUF_CTOP(bp) + hlen), plen - hlen, + MAXMSS4(bundle->iface->mtu)); + break; +#ifndef NOINET6 + case IPV6_VERSION >> 4: + /* + * Check for MSS option only for TCP packets with no extension headers + * or a single extension header which is a fragmentation header with + * offset 0. Furthermore require that the length field is correct. 
+ */ + if (plen < sizeof(struct ip6_hdr)) + break; + pip6 = (struct ip6_hdr *)MBUF_CTOP(bp); + if (ntohs(pip6->ip6_plen) + sizeof(struct ip6_hdr) != plen) + break; + hlen = 0; + switch (pip6->ip6_nxt) { + case IPPROTO_TCP: + hlen = sizeof(struct ip6_hdr); + break; + case IPPROTO_FRAGMENT: + if (plen >= sizeof(struct ip6_frag) + sizeof(struct ip6_hdr)) { + pfrag = (struct ip6_frag *)(MBUF_CTOP(bp) + sizeof(struct ip6_hdr)); + if (pfrag->ip6f_nxt == IPPROTO_TCP && + ntohs(pfrag->ip6f_offlg & IP6F_OFF_MASK) == 0) + hlen = sizeof(struct ip6_hdr)+ sizeof(struct ip6_frag); + } + break; + } + if (hlen > 0 && plen >= sizeof(struct tcphdr) + hlen) + MSSFixup((struct tcphdr *)(MBUF_CTOP(bp) + hlen), plen - hlen, + MAXMSS6(bundle->iface->mtu)); + break; +#endif + default: + log_Printf(LogDEBUG, "tcpmss_Check: Unknown IP family %u\n", pip->ip_v); + break; + } return bp; }
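Review bot: In the `@@ -69,10 +72,12 @@` hunk, MAXMSS4 and MAXMSS6 have no guard for an mtu smaller than the headers they subtract. Because sizeof yields size_t, the subtraction wraps to a very large value instead of going negative, and tcpmss_Check passes that value straight to MSSFixup as the clamp. Consider checking the mtu before calling MSSFixup, or stating in the comment the minimum mtu the macros assume. The comment could also say that the 12 bytes the old MAXMSS subtracted were dropped on purpose, since it only names RFC 6691 without summarizing the rule.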
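Review bot: In the IPVERSION case of tcpmss_Check, `hlen = pip->ip_hl << 2` is only bounded from above (`hlen <= plen` and `plen >= sizeof(struct tcphdr) + hlen`), never checked against sizeof(struct ip), so a packet with ip_hl below 5 gets MSSFixup applied at an offset inside the IPv4 header. Adding `hlen >= sizeof(struct ip)` to the condition would bring it in line with the IPv6 case, which works from fixed header sizes. In the IPPROTO_FRAGMENT case, the ntohs() around `pfrag->ip6f_offlg & IP6F_OFF_MASK` is not needed for a comparison with 0 and could be dropped, and `sizeof(struct ip6_hdr)+ sizeof(struct ip6_frag)` is missing a space before the `+`.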