system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-23 03:06:48 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

ipfw: Have NAT steal the TH_RES1 bit, instead of the TH_AE bit

Browse source 
The NAT module use of the tcphdr.th_x2 field now collides with the
use of this TCP header flag as AccECN (AE) bit. Use the topmost
bit instead to allow negotiation of AccECN across a NAT device.

Event:			IETF 115 Hackathon
Reviewed By:		#transport, tuexen
MFC after:		3 days
Sponsored by:		NetApp, Inc.
Differential Revision:	https://reviews.freebsd.org/D37300
This commit is contained in:
Richard Scheffenegger 2022-11-09 10:54:34 +01:00
parent 0b1adc42a1
commit 0b00b80149
7 changed files with 13 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sys/netinet/libalias/alias_ftp.c
View file

@ -754,7 +754,7 @@ NewFtpMessage(struct libalias *la, struct ip *pip,
/* Compute TCP checksum for revised packet */
tc->th_sum = 0;
#ifdef _KERNEL
tc->th_x2 = 1;
tc->th_x2 = (TH_RES1 >> 8);
#else
tc->th_sum = TcpChecksum(pip);
#endif

2
sys/netinet/libalias/alias_irc.c
View file

@ -458,7 +458,7 @@ AliasHandleIrcOut(struct libalias *la,
/* Compute TCP checksum for revised packet */
tc->th_sum = 0;
#ifdef _KERNEL
tc->th_x2 = 1;
tc->th_x2 = (TH_RES1 >> 8);
#else
tc->th_sum = TcpChecksum(pip);
#endif

2
sys/netinet/libalias/alias_proxy.c
View file

@ -368,7 +368,7 @@ ProxyEncodeTcpStream(struct alias_link *lnk,
tc->th_sum = 0;
#ifdef _KERNEL
tc->th_x2 = 1;
tc->th_x2 = (TH_RES1 >> 8);
#else
tc->th_sum = TcpChecksum(pip);
#endif

6
sys/netinet/libalias/alias_skinny.c
View file

@ -216,7 +216,7 @@ alias_skinny_reg_msg(struct RegisterMessage *reg_msg, struct ip *pip,
tc->th_sum = 0;
#ifdef _KERNEL
tc->th_x2 = 1;
tc->th_x2 = (TH_RES1 >> 8);
#else
tc->th_sum = TcpChecksum(pip);
#endif
@ -259,7 +259,7 @@ alias_skinny_port_msg(struct IpPortMessage *port_msg, struct ip *pip,
tc->th_sum = 0;
#ifdef _KERNEL
tc->th_x2 = 1;
tc->th_x2 = (TH_RES1 >> 8);
#else
tc->th_sum = TcpChecksum(pip);
#endif
@ -289,7 +289,7 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opn
tc->th_sum = 0;
#ifdef _KERNEL
tc->th_x2 = 1;
tc->th_x2 = (TH_RES1 >> 8);
#else
tc->th_sum = TcpChecksum(pip);
#endif

4
sys/netinet/libalias/alias_smedia.c
View file

@ -404,7 +404,7 @@ alias_rtsp_out(struct libalias *la, struct ip *pip,
tc->th_sum = 0;
#ifdef _KERNEL
tc->th_x2 = 1;
tc->th_x2 = (TH_RES1 >> 8);
#else
tc->th_sum = TcpChecksum(pip);
#endif
@ -451,7 +451,7 @@ alias_pna_out(struct libalias *la, struct ip *pip,
/* Compute TCP checksum for revised packet */
tc->th_sum = 0;
#ifdef _KERNEL
tc->th_x2 = 1;
tc->th_x2 = (TH_RES1 >> 8);
#else
tc->th_sum = TcpChecksum(pip);
#endif

3
sys/netinet/tcp.h
View file

@ -72,6 +72,9 @@ struct tcphdr {
#define TH_ECE 0x40
#define TH_CWR 0x80
#define TH_AE 0x100 /* maps into th_x2 */
#define TH_RES3 0x200
#define TH_RES2 0x400
#define TH_RES1 0x800
#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG|TH_ECE|TH_CWR)
#define PRINT_TH_FLAGS "\20\1FIN\2SYN\3RST\4PUSH\5ACK\6URG\7ECE\10CWR\11AE"

4
sys/netpfil/ipfw/ip_fw_nat.c
View file

@ -418,7 +418,7 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
struct tcphdr *th;
th = (struct tcphdr *)(ip + 1);
if (th->th_x2)
if (th->th_x2 & (TH_RES1 >> 8))
ldt = 1;
}
@ -438,7 +438,7 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
* Maybe it was set in
* libalias...
*/
th->th_x2 = 0;
th->th_x2 &= ~(TH_RES1 >> 8);
th->th_sum = cksum;
mcl->m_pkthdr.csum_data =
offsetof(struct tcphdr, th_sum);