Date: Thu, 8 Dec 2022 09:10:32 GMT
Message-Id: <202212080910.2B89AWLS064576@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Michael Tuexen
Subject: git: cef3c4e0bab8 - main - ppp: improve MSS clamping
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

The branch main has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=cef3c4e0bab8bd5e84ab8cfa2fa48a1e3dca5876

commit cef3c4e0bab8bd5e84ab8cfa2fa48a1e3dca5876
Author:     Michael Tuexen
AuthorDate: 2022-12-08 08:48:29 +0000
Commit:     Michael Tuexen
CommitDate: 2022-12-08 08:48:29 +0000

    ppp: improve MSS clamping

    ppp supports MSS clamping for TCP/IPv4. This patch
    * improves MSS clamping for TCP/IPv4 by using the MSS as specified
      in RFC 6691.
    * adds support for MSS clamping for TCP/IPv6.

    Reported by:            Timo Voelker
    Reviewed by:            thj
    MFC after:              1 week
    Differential Revision:  https://reviews.freebsd.org/D37624

--- usr.sbin/ppp/tcpmss.c | 76 +++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 62 insertions(+), 14 deletions(-) diff --git a/usr.sbin/ppp/tcpmss.c b/usr.sbin/ppp/tcpmss.c index 765668e9d137..cbf85dbf2a09 100644 --- a/usr.sbin/ppp/tcpmss.c +++ b/usr.sbin/ppp/tcpmss.c @@ -35,6 +35,9 @@ #include #include #include +#ifndef NOINET6 +#include +#endif #include #include 
@@ -69,10 +72,12 @@ /*- - * We are in a liberal position about MSS - * (RFC 879, section 7). + * Compute the MSS as described in RFC 6691. */ -#define MAXMSS(mtu) ((mtu) - sizeof(struct ip) - sizeof(struct tcphdr) - 12) +#define MAXMSS4(mtu) ((mtu) - sizeof(struct ip) - sizeof(struct tcphdr)) +#ifndef NOINET6 +#define MAXMSS6(mtu) ((mtu) - sizeof(struct ip6_hdr) - sizeof(struct tcphdr)) +#endif /*- @@ -146,6 +151,10 @@ static struct mbuf * tcpmss_Check(struct bundle *bundle, struct mbuf *bp) { struct ip *pip; +#ifndef NOINET6 + struct ip6_hdr *pip6; + struct ip6_frag *pfrag; +#endif size_t hlen, plen; if (!Enabled(bundle, OPT_TCPMSSFIXUP)) 
@@ -153,19 +162,58 @@ tcpmss_Check(struct bundle *bundle, struct mbuf *bp) bp = m_pullup(bp); plen = m_length(bp); + if (plen < sizeof(struct ip)) + return bp; pip = (struct ip *)MBUF_CTOP(bp); - hlen = pip->ip_hl << 2; - - /* - * Check for MSS option only for TCP packets with zero fragment offsets - * and correct total and header lengths. - */ - if (pip->ip_p == IPPROTO_TCP && (ntohs(pip->ip_off) & IP_OFFMASK) == 0 && - ntohs(pip->ip_len) == plen && hlen <= plen && - plen >= sizeof(struct tcphdr) + hlen) - MSSFixup((struct tcphdr *)(MBUF_CTOP(bp) + hlen), plen - hlen, - MAXMSS(bundle->iface->mtu)); + switch (pip->ip_v) { + case IPVERSION: + /* + * Check for MSS option only for TCP packets with zero fragment offsets + * and correct total and header lengths. + */ + hlen = pip->ip_hl << 2; + if (pip->ip_p == IPPROTO_TCP && (ntohs(pip->ip_off) & IP_OFFMASK) == 0 && + ntohs(pip->ip_len) == plen && hlen <= plen && + plen >= sizeof(struct tcphdr) + hlen) + MSSFixup((struct tcphdr *)(MBUF_CTOP(bp) + hlen), plen - hlen, + MAXMSS4(bundle->iface->mtu)); + break; +#ifndef NOINET6 + case IPV6_VERSION >> 4: + /* + * Check for MSS option only for TCP packets with no extension headers + * or a single extension header which is a fragmentation header with + * offset 0. Furthermore require that the length field is correct. 
+ */ + if (plen < sizeof(struct ip6_hdr)) + break; + pip6 = (struct ip6_hdr *)MBUF_CTOP(bp); + if (ntohs(pip6->ip6_plen) + sizeof(struct ip6_hdr) != plen) + break; + hlen = 0; + switch (pip6->ip6_nxt) { + case IPPROTO_TCP: + hlen = sizeof(struct ip6_hdr); + break; + case IPPROTO_FRAGMENT: + if (plen >= sizeof(struct ip6_frag) + sizeof(struct ip6_hdr)) { + pfrag = (struct ip6_frag *)(MBUF_CTOP(bp) + sizeof(struct ip6_hdr)); + if (pfrag->ip6f_nxt == IPPROTO_TCP && + ntohs(pfrag->ip6f_offlg & IP6F_OFF_MASK) == 0) + hlen = sizeof(struct ip6_hdr)+ sizeof(struct ip6_frag); + } + break; + } + if (hlen > 0 && plen >= sizeof(struct tcphdr) + hlen) + MSSFixup((struct tcphdr *)(MBUF_CTOP(bp) + hlen), plen - hlen, + MAXMSS6(bundle->iface->mtu)); + break; +#endif + default: + log_Printf(LogDEBUG, "tcpmss_Check: Unknown IP family %u\n", pip->ip_v); + break; + } return bp; }
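
Review bot: MAXMSS4() and MAXMSS6() (hunk @@ -69,10 +72,12 @@) have no lower bound on mtu, and because each subtracts sizeof values the result is unsigned, so an interface MTU smaller than the combined IP and TCP header size wraps to a very large MSS limit instead of a small or negative one. Suggest either skipping the fixup when mtu is not larger than sizeof(struct ip) + sizeof(struct tcphdr) (respectively sizeof(struct ip6_hdr) + sizeof(struct tcphdr)), or stating in the comment that the MTU is guaranteed to exceed those sizes. The new comment would also be more useful if it said why the former "- 12" is gone, that is, that the RFC 6691 computation does not subtract option space.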
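
Review bot: In the IPVERSION case of tcpmss_Check() (hunk @@ -153,19 +162,58 @@), hlen = pip->ip_hl << 2 is bounded only from above by hlen <= plen; nothing requires hlen >= sizeof(struct ip). With ip_hl below 5 the pointer passed to MSSFixup() still lies inside the IP header, so header bytes are parsed as a TCP header. Suggest adding hlen >= sizeof(struct ip) to the condition. Two smaller points in the same hunk: in the IPPROTO_FRAGMENT case, ntohs(pfrag->ip6f_offlg & IP6F_OFF_MASK) masks before converting, the opposite order from ntohs(pip->ip_off) & IP_OFFMASK in the IPv4 case; if IP6F_OFF_MASK is already in network byte order the ntohs() is unnecessary for a comparison with zero, and a one-line comment would keep a later reader from reordering it. The default case logs "Unknown IP family" while printing pip->ip_v, which is the IP version.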