summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/in2out.c
diff options
context:
space:
mode:
authorMatus Fabian <matfabia@cisco.com>2018-09-13 02:36:25 -0700
committerMatus Fabian <matfabia@cisco.com>2018-09-13 02:36:25 -0700
commitbb4e022502dd7f76d4f1cd705a7bac628d8c098c (patch)
treee8b5f13cbea161f66aad347fc7175edabd337f72 /src/plugins/nat/in2out.c
parentc2b4dbe48a01e746bfa89c4208d6e6b686270ac0 (diff)
NAT: TCP MSS clamping
NAT plugin changes the MSS value in TCP SYN packets to avoid fragmentation. If the negotiated MSS value is greater than the configured value it is changed to the configured value. If the negotiated MSS value is smaller than the configured value it remains unchanged. Change-Id: Ic3c4f94a2f1b76e2bf79f50f3ad36a4097f3f188 Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'src/plugins/nat/in2out.c')
-rwxr-xr-xsrc/plugins/nat/in2out.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c
index 22a346855c6..661d8c1bef9 100755
--- a/src/plugins/nat/in2out.c
+++ b/src/plugins/nat/in2out.c
@@ -1336,6 +1336,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
sum0 = ip_csum_update (sum0, old_port0, new_port0,
ip4_header_t /* cheat */,
length /* changed member */);
+ mss_clamping (sm, tcp0, &sum0);
tcp0->checksum = ip_csum_fold(sum0);
}
else
@@ -1496,6 +1497,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
sum1 = ip_csum_update (sum1, old_port1, new_port1,
ip4_header_t /* cheat */,
length /* changed member */);
+ mss_clamping (sm, tcp1, &sum1);
tcp1->checksum = ip_csum_fold(sum1);
}
else
@@ -1693,6 +1695,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
sum0 = ip_csum_update (sum0, old_port0, new_port0,
ip4_header_t /* cheat */,
length /* changed member */);
+ mss_clamping (sm, tcp0, &sum0);
tcp0->checksum = ip_csum_fold(sum0);
}
else
@@ -3354,6 +3357,7 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
tcp0->dst_port = s0->ext_host_port;
ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32;
}
+ mss_clamping (sm, tcp0, &sum0);
tcp0->checksum = ip_csum_fold(sum0);
if (nat44_set_tcp_session_state_i2o (sm, s0, tcp0, thread_index))
goto trace00;
@@ -3539,6 +3543,7 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
ip1->dst_address.as_u32 = s1->ext_host_addr.as_u32;
}
tcp1->checksum = ip_csum_fold(sum1);
+ mss_clamping (sm, tcp1, &sum1);
if (nat44_set_tcp_session_state_i2o (sm, s1, tcp1, thread_index))
goto trace01;
}
@@ -3751,6 +3756,7 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
tcp0->dst_port = s0->ext_host_port;
ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32;
}
+ mss_clamping (sm, tcp0, &sum0);
tcp0->checksum = ip_csum_fold(sum0);
if (nat44_set_tcp_session_state_i2o (sm, s0, tcp0, thread_index))
goto trace0;
@@ -4122,6 +4128,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
sum0 = ip_csum_update (sum0, old_port0, new_port0,
ip4_header_t /* cheat */,
length /* changed member */);
+ mss_clamping (sm, tcp0, &sum0);
tcp0->checksum = ip_csum_fold(sum0);
}
else
@@ -4272,6 +4279,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
sum1 = ip_csum_update (sum1, old_port1, new_port1,
ip4_header_t /* cheat */,
length /* changed member */);
+ mss_clamping (sm, tcp1, &sum1);
tcp1->checksum = ip_csum_fold(sum1);
}
else
@@ -4458,6 +4466,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
sum0 = ip_csum_update (sum0, old_port0, new_port0,
ip4_header_t /* cheat */,
length /* changed member */);
+ mss_clamping (sm, tcp0, &sum0);
tcp0->checksum = ip_csum_fold(sum0);
}
else
@@ -5354,6 +5363,7 @@ snat_in2out_fast_static_map_fn (vlib_main_t * vm,
sum0 = ip_csum_update (sum0, old_port0, new_port0,
ip4_header_t /* cheat */,
length /* changed member */);
+ mss_clamping (sm, tcp0, &sum0);
tcp0->checksum = ip_csum_fold(sum0);
}
else
@@ -5371,6 +5381,7 @@ snat_in2out_fast_static_map_fn (vlib_main_t * vm,
sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
ip4_header_t,
dst_address /* changed member */);
+ mss_clamping (sm, tcp0, &sum0);
tcp0->checksum = ip_csum_fold(sum0);
}
}