summaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorJon Loeliger <jdl@netgate.com>2019-11-14 16:44:40 -0600
committerOle Trøan <otroan@employees.org>2019-11-19 03:41:46 +0000
commitb15ad95124ca97dd9a800394b93f1fe19567d2e1 (patch)
treefa59c275143f0efbf531cb6240e979cefff0e436 /src/plugins
parent93e060aee441e98adf44a72149679a838d7084f3 (diff)
map: Fix TCP MSS clamping for MAP-E traffic.
Original MSS clamp patch by Vladimir Ratnikov. Modified to apply only to TCP packets. Type: fix Test: Wrote new unit test to ensure MAP-E TCP MSS clamping. Change-Id: I77c69714a2e3cc3b7473aa12b645243bb595c2a2 Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Signed-off-by: Jon Loeliger <jdl@netgate.com>
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/map/ip4_map.c14
-rw-r--r--src/plugins/map/test/test_map.py72
2 files changed, 84 insertions, 2 deletions
diff --git a/src/plugins/map/ip4_map.c b/src/plugins/map/ip4_map.c
index f2a00907a57..68c3d73094c 100644
--- a/src/plugins/map/ip4_map.c
+++ b/src/plugins/map/ip4_map.c
@@ -209,6 +209,20 @@ ip4_map (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
*/
port0 = ip4_map_port_and_security_check (d0, p0, &error0);
+ /*
+ * Clamp TCP MSS value.
+ */
+ if (ip40->protocol == IP_PROTOCOL_TCP)
+ {
+ tcp_header_t *tcp = ip4_next_header (ip40);
+ if (mm->tcp_mss > 0 && tcp_syn (tcp))
+ {
+ ip_csum_t csum = tcp->checksum;
+ map_mss_clamping (tcp, &csum, mm->tcp_mss);
+ tcp->checksum = ip_csum_fold (csum);
+ }
+ }
+
/* Decrement IPv4 TTL */
ip4_map_decrement_ttl (ip40, &error0);
bool df0 =
diff --git a/src/plugins/map/test/test_map.py b/src/plugins/map/test/test_map.py
index 0bb7a859f8b..94cb6d7865d 100644
--- a/src/plugins/map/test/test_map.py
+++ b/src/plugins/map/test/test_map.py
@@ -96,8 +96,8 @@ class TestMAP(VppTestCase):
self.assertEqual(rv[0].tag, tag,
"output produced incorrect tag value.")
- def test_map_e(self):
- """ MAP-E """
+ def test_map_e_udp(self):
+ """ MAP-E UDP"""
#
# Add a route to the MAP-BR
@@ -363,6 +363,74 @@ class TestMAP(VppTestCase):
self.validate(rx[0][1], v6_reply1)
self.validate(rx[1][1], v6_reply2)
+ def test_map_e_tcp_mss(self):
+ """ MAP-E TCP MSS"""
+
+ #
+ # Add a route to the MAP-BR
+ #
+ map_br_pfx = "2001::"
+ map_br_pfx_len = 32
+ map_route = VppIpRoute(self,
+ map_br_pfx,
+ map_br_pfx_len,
+ [VppRoutePath(self.pg1.remote_ip6,
+ self.pg1.sw_if_index)])
+ map_route.add_vpp_config()
+
+ #
+ # Add a domain that maps from pg0 to pg1
+ #
+ map_dst = '2001::/32'
+ map_src = '3000::1/128'
+ client_pfx = '192.168.0.0/16'
+ map_translated_addr = '2001:0:101:5000:0:c0a8:101:5'
+ tag = 'MAP-E TCP tag.'
+ self.vapi.map_add_domain(ip4_prefix=client_pfx,
+ ip6_prefix=map_dst,
+ ip6_src=map_src,
+ ea_bits_len=20,
+ psid_offset=4,
+ psid_length=4,
+ tag=tag)
+
+ # Enable MAP on pg0 interface.
+ self.vapi.map_if_enable_disable(is_enable=1,
+ sw_if_index=self.pg0.sw_if_index,
+ is_translation=0)
+
+ # Enable MAP on pg1 interface.
+ self.vapi.map_if_enable_disable(is_enable=1,
+ sw_if_index=self.pg1.sw_if_index,
+ is_translation=0)
+
+ # TCP MSS clamping
+ mss_clamp = 1300
+ self.vapi.map_param_set_tcp(mss_clamp)
+
+ #
+ # Send a v4 packet that will be encapped.
+ #
+ p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
+ p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.1.1')
+ p_tcp = TCP(sport=20000, dport=30000, flags="S",
+ options=[("MSS", 1455)])
+ p4 = p_ether / p_ip4 / p_tcp
+
+ self.pg1.add_stream(p4)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+
+ rx = self.pg1.get_capture(1)
+ rx = rx[0]
+
+ self.assertTrue(rx.haslayer(IPv6))
+ self.assertEqual(rx[IP].src, p4[IP].src)
+ self.assertEqual(rx[IP].dst, p4[IP].dst)
+ self.assertEqual(rx[IPv6].src, "3000::1")
+ self.assertEqual(rx[TCP].options,
+ TCP(options=[('MSS', mss_clamp)]).options)
+
def validate(self, rx, expected):
self.assertEqual(rx, expected.__class__(scapy.compat.raw(expected)))