-rw-r--r-- | src/plugins/nat/in2out.c | 11 | ||||
-rw-r--r-- | src/plugins/nat/in2out_ed.c | 5 | ||||
-rw-r--r-- | src/plugins/nat/lib/nat_inlines.h | 66 | ||||
-rw-r--r-- | src/plugins/nat/nat.h | 1 | ||||
-rw-r--r-- | src/plugins/nat/nat44_cli.c | 5 | ||||
-rw-r--r-- | src/plugins/nat/nat64_in2out.c | 3 | ||||
-rw-r--r-- | src/plugins/nat/nat_api.c | 5 | ||||
-rw-r--r-- | src/plugins/nat/nat_det_in2out.c | 7 | ||||
-rw-r--r-- | src/plugins/nat/nat_inlines.h | 48 |
9 files changed, 83 insertions, 68 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c index a448867cd4f..980a638f059 100644 --- a/src/plugins/nat/in2out.c +++ b/src/plugins/nat/in2out.c @@ -35,6 +35,7 @@ #include <vppinfra/hash.h> #include <vppinfra/error.h> #include <vppinfra/elog.h> +#include <nat/lib/nat_inlines.h> typedef struct { @@ -1109,7 +1110,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, sum0 = ip_csum_update (sum0, old_port0, new_port0, ip4_header_t /* cheat */ , length /* changed member */ ); - mss_clamping (sm, tcp0, &sum0); + mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } tcp_packets++; @@ -1317,7 +1318,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, sum1 = ip_csum_update (sum1, old_port1, new_port1, ip4_header_t /* cheat */ , length /* changed member */ ); - mss_clamping (sm, tcp1, &sum1); + mss_clamping (sm->mss_clamping, tcp1, &sum1); tcp1->checksum = ip_csum_fold (sum1); } tcp_packets++; @@ -1560,7 +1561,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, sum0 = ip_csum_update (sum0, old_port0, new_port0, ip4_header_t /* cheat */ , length /* changed member */ ); - mss_clamping (sm, tcp0, &sum0); + mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } tcp_packets++; @@ -1885,7 +1886,7 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, sum0 = ip_csum_update (sum0, old_port0, new_port0, ip4_header_t /* cheat */ , length /* changed member */ ); - mss_clamping (sm, tcp0, &sum0); + mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } else if (udp0->checksum) @@ -1908,7 +1909,7 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t, dst_address /* changed member */ ); - mss_clamping (sm, tcp0, &sum0); + mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } else if (udp0->checksum) 
diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c index 06e6772840b..9b10d9df7f6 100644 --- a/src/plugins/nat/in2out_ed.c +++ b/src/plugins/nat/in2out_ed.c @@ -32,6 +32,7 @@ #include <nat/nat_syslog.h> #include <nat/nat_ha.h> #include <nat/nat44/ed_inlines.h> +#include <nat/lib/nat_inlines.h> static char *nat_in2out_ed_error_strings[] = { #define _(sym,string) string, @@ -1096,7 +1097,7 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, tcp0->dst_port = s0->ext_host_port; ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32; } - mss_clamping (sm, tcp0, &sum0); + mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } tcp_packets++; @@ -1406,7 +1407,7 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, tcp0->dst_port = s0->ext_host_port; ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32; } - mss_clamping (sm, tcp0, &sum0); + mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } tcp_packets++; diff --git a/src/plugins/nat/lib/nat_inlines.h b/src/plugins/nat/lib/nat_inlines.h new file mode 100644 index 00000000000..fc8e160bb2b --- /dev/null +++ b/src/plugins/nat/lib/nat_inlines.h 
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2020 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <vnet/tcp/tcp_packet.h>
+#include <vnet/ip/ip4_packet.h>
+
+always_inline void
+mss_clamping (u16 mss_clamping, tcp_header_t * tcp, ip_csum_t * sum)
+{
+ u8 *data;
+ u8 opt_len, opts_len, kind;
+ u16 mss;
+
+ if (!(mss_clamping && tcp_syn (tcp)))
+ return;
+
+ opts_len = (tcp_doff (tcp) << 2) - sizeof (tcp_header_t);
+ data = (u8 *) (tcp + 1);
+ for (; opts_len > 0; opts_len -= opt_len, data += opt_len)
+ {
+ kind = data[0];
+
+ if (kind == TCP_OPTION_EOL)
+ break;
+ else if (kind == TCP_OPTION_NOOP)
+ {
+ opt_len = 1;
+ continue;
+ }
+ else
+ {
+ if (opts_len < 2)
+ return;
+ opt_len = data[1];
+
+ if (opt_len < 2 || opt_len > opts_len)
+ return;
+ }
+
+ if (kind == TCP_OPTION_MSS)
+ {
+ mss = *(u16 *) (data + 2);
+ if (clib_net_to_host_u16 (mss) > mss_clamping)
+ {
+ u16 mss_value_net = clib_host_to_net_u16(mss_clamping);
+ *sum =
+ ip_csum_update (*sum, mss, mss_value_net, ip4_header_t,
+ length);
+ clib_memcpy_fast (data + 2, &mss_value_net, 2);
+ }
+ return;
+ }
+ }
+}
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index 8ec0c62a800..de2353889da 100644
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -654,7 +654,6 @@ typedef struct snat_main_s
 /* TCP MSS clamping */
 u16 mss_clamping;
- u16 mss_value_net;
 /* counters/gauges */
 vlib_simple_counter_main_t total_users;
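Review bot: In the new `src/plugins/nat/lib/nat_inlines.h`, `mss_clamping()` reads and rewrites two bytes at `data + 2` for a `TCP_OPTION_MSS` entry after checking only `opt_len < 2 || opt_len > opts_len`, so a SYN whose MSS option declares length 2 or 3 makes that access run past the option and possibly past the options area; reject it first with `if (opt_len != 4) return;`. `opts_len` is also computed as `(tcp_doff (tcp) << 2) - sizeof (tcp_header_t)` into a `u8` with no lower bound on the data offset, so a header with a data offset below 5 wraps to a large value and the loop walks memory beyond the TCP header; a guard such as `if ((tcp_doff (tcp) << 2) < sizeof (tcp_header_t)) return;` before the subtraction closes that. The function receives no packet length, so whether the options area lies inside the buffer depends on validation in the callers, which is not visible in this diff. The header also has no include guard, which matters now that several .c files include it alongside `nat/nat_inlines.h`.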
diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c index ccc2eac5539..9e9751d5bc9 100644 --- a/src/plugins/nat/nat44_cli.c +++ b/src/plugins/nat/nat44_cli.c @@ -358,10 +358,7 @@ nat_set_mss_clamping_command_fn (vlib_main_t * vm, unformat_input_t * input, if (unformat (line_input, "disable")) sm->mss_clamping = 0; else if (unformat (line_input, "%d", &mss)) - { - sm->mss_clamping = (u16) mss; - sm->mss_value_net = clib_host_to_net_u16 (sm->mss_clamping); - } + sm->mss_clamping = (u16) mss; else { error = clib_error_return (0, "unknown input '%U'", diff --git a/src/plugins/nat/nat64_in2out.c b/src/plugins/nat/nat64_in2out.c index 38e98340b8c..af212d3061d 100644 --- a/src/plugins/nat/nat64_in2out.c +++ b/src/plugins/nat/nat64_in2out.c @@ -21,6 +21,7 @@ #include <nat/nat_inlines.h> #include <vnet/ip/ip6_to_ip4.h> #include <vnet/fib/fib_table.h> +#include <nat/lib/nat_inlines.h> typedef struct { @@ -276,7 +277,7 @@ nat64_in2out_tcp_udp (vlib_main_t * vm, vlib_buffer_t * p, u16 l4_offset, csum = ip_csum_add_even (csum, ip4->src_address.as_u32); csum = ip_csum_sub_even (csum, sport); csum = ip_csum_add_even (csum, udp->src_port); - mss_clamping (nm->sm, tcp, &csum); + mss_clamping (nm->sm->mss_clamping, tcp, &csum); tcp->checksum = ip_csum_fold (csum); nat64_tcp_session_set_state (ste, tcp, 1); diff --git a/src/plugins/nat/nat_api.c b/src/plugins/nat/nat_api.c index 201c9d4730d..abd1d867c47 100644 --- a/src/plugins/nat/nat_api.c +++ b/src/plugins/nat/nat_api.c @@ -495,10 +495,7 @@ vl_api_nat_set_mss_clamping_t_handler (vl_api_nat_set_mss_clamping_t * mp) int rv = 0; if (mp->enable) - { - sm->mss_clamping = ntohs (mp->mss_value); - sm->mss_value_net = mp->mss_value; - } + sm->mss_clamping = ntohs (mp->mss_value); else sm->mss_clamping = 0; diff --git a/src/plugins/nat/nat_det_in2out.c b/src/plugins/nat/nat_det_in2out.c index cf50805c1a3..8628fcc42f7 100644 --- a/src/plugins/nat/nat_det_in2out.c +++ b/src/plugins/nat/nat_det_in2out.c 
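Review bot: In the `nat44_cli.c` hunk, `sm->mss_clamping = (u16) mss;` stores whatever `%d` parsed after a silent truncation, so an out-of-range value (65536, for instance, or a negative number) ends up as an unrelated MSS or as 0, which the data path treats as clamping disabled. Because the on-wire value is now derived from this single field on every packet, the input should be rejected before the assignment when `mss < 1 || mss > 65535`, using the same `clib_error_return` path the function already has for unknown input. The `nat_api.c` hunk has a milder form of the same thing: `enable` with `mss_value` 0 leaves clamping off while the handler still reports success. The declaration of `mss` and the rest of both functions are outside the hunks, so the exact form needs checking against the full source.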
@@ -26,6 +26,7 @@ #include <nat/nat.h> #include <nat/nat_det.h> #include <nat/nat_inlines.h> +#include <nat/lib/nat_inlines.h> typedef struct { @@ -438,7 +439,7 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, sum0 = ip_csum_update (sum0, old_port0, new_port0, ip4_header_t /* cheat */ , length /* changed member */ ); - mss_clamping (sm, tcp0, &sum0); + mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } else @@ -611,7 +612,7 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, sum1 = ip_csum_update (sum1, old_port1, new_port1, ip4_header_t /* cheat */ , length /* changed member */ ); - mss_clamping (sm, tcp1, &sum1); + mss_clamping (sm->mss_clamping, tcp1, &sum1); tcp1->checksum = ip_csum_fold (sum1); } else @@ -820,7 +821,7 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, sum0 = ip_csum_update (sum0, old_port0, new_port0, ip4_header_t /* cheat */ , length /* changed member */ ); - mss_clamping (sm, tcp0, &sum0); + mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } else diff --git a/src/plugins/nat/nat_inlines.h b/src/plugins/nat/nat_inlines.h index 121d2c71aaa..4dad11bed72 100644 --- a/src/plugins/nat/nat_inlines.h +++ b/src/plugins/nat/nat_inlines.h 
@@ -657,54 +657,6 @@ get_icmp_o2i_ed_key (vlib_buffer_t * b, ip4_header_t * ip0, u32 rx_fib_index, return 0; } -always_inline void -mss_clamping (snat_main_t * sm, tcp_header_t * tcp, ip_csum_t * sum) -{ - u8 *data; - u8 opt_len, opts_len, kind; - u16 mss; - - if (!(sm->mss_clamping && tcp_syn (tcp))) - return; - - opts_len = (tcp_doff (tcp) << 2) - sizeof (tcp_header_t); - data = (u8 *) (tcp + 1); - for (; opts_len > 0; opts_len -= opt_len, data += opt_len) - { - kind = data[0]; - - if (kind == TCP_OPTION_EOL) - break; - else if (kind == TCP_OPTION_NOOP) - { - opt_len = 1; - continue; - } - else - { - if (opts_len < 2) - return; - opt_len = data[1]; - - if (opt_len < 2 || opt_len > opts_len) - return; - } - - if (kind == TCP_OPTION_MSS) - { - mss = *(u16 *) (data + 2); - if (clib_net_to_host_u16 (mss) > sm->mss_clamping) - { - *sum = - ip_csum_update (*sum, mss, sm->mss_value_net, ip4_header_t, - length); - clib_memcpy_fast (data + 2, &sm->mss_value_net, 2); - } - return; - } - } -} - /** * @brief Check if packet should be translated * |