Re: [Openvpn-devel] [PATCH] Implement --mssfix handling for IPv6 packets.

2012-12-13 Thread David Sommerseth
On 02/12/12 22:11, Gert Doering wrote:
> Rename process_ipv4_header() to process_ip_header() and PIPV4_MSSFIX
> flag to PIP_MSSFIX, to make visible that it's no longer IPv4-only.
> 
> Inside process_ip_header(), call out to mss_fixup_ipv6() if --mssfix
> is active and IPv6 packet seen.
> 
> Rename mss_fixup() to mss_fixup_ipv4(), implement mss_fixup_ipv6().
> 
> Signed-off-by: Gert Doering 
> ---
>  src/openvpn/forward.c |   26 +
>  src/openvpn/forward.h |4 +-
>  src/openvpn/mss.c |   57 
> -
>  src/openvpn/mss.h |3 +-
>  src/openvpn/multi.c   |6 ++--
>  src/openvpn/proto.c   |   19 +--
>  src/openvpn/proto.h   |3 +-
>  7 files changed, 97 insertions(+), 21 deletions(-)

Applied in master and beta/2.3


commit f0e8997a874a89b3fe1f82109c443232e8967b01 (master)
commit 729c8464021ff7c41a7fbb03501465eca55909a3 (beta/2.3)
Author: Gert Doering 
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Sun Dec 2 22:11:12 2012 +0100

Implement --mssfix handling for IPv6 packets.

Signed-off-by: Gert Doering 
Acked-by: Arne Schwabe 
Message-Id: 1354482672-16136-2-git-send-email-g...@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/7173
Signed-off-by: David Sommerseth 



-- 
kind regards,

David Sommerseth





Re: [Openvpn-devel] [PATCH] Implement --mssfix handling for IPv6 packets.

2012-12-04 Thread Arne Schwabe
Am 02.12.12 22:11, schrieb Gert Doering:
> Rename process_ipv4_header() to process_ip_header() and PIPV4_MSSFIX
> flag to PIP_MSSFIX, to make visible that it's no longer IPv4-only.
>
> Inside process_ip_header(), call out to mss_fixup_ipv6() if --mssfix
> is active and IPv6 packet seen.
>
> Rename mss_fixup() to mss_fixup_ipv4(), implement mss_fixup_ipv6().
>
>
I have no setup with a broken MSS, but I looked through the patch and I
think it is the right fix.

Arne




[Openvpn-devel] [PATCH] Implement --mssfix handling for IPv6 packets.

2012-12-02 Thread Gert Doering
Rename process_ipv4_header() to process_ip_header() and PIPV4_MSSFIX
flag to PIP_MSSFIX, to make visible that it's no longer IPv4-only.

Inside process_ip_header(), call out to mss_fixup_ipv6() if --mssfix
is active and IPv6 packet seen.

Rename mss_fixup() to mss_fixup_ipv4(), implement mss_fixup_ipv6().

Signed-off-by: Gert Doering 
---
 src/openvpn/forward.c |   26 +
 src/openvpn/forward.h |4 +-
 src/openvpn/mss.c |   57 -
 src/openvpn/mss.h |3 +-
 src/openvpn/multi.c   |6 ++--
 src/openvpn/proto.c   |   19 +--
 src/openvpn/proto.h   |3 +-
 7 files changed, 97 insertions(+), 21 deletions(-)

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 57c7846..024cd58 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -985,9 +985,9 @@ process_incoming_tun (struct context *c)
 {
   /*
* The --passtos and --mssfix options require
-   * us to examine the IPv4 header.
+   * us to examine the IP header (IPv4 or IPv6).
*/
-  process_ipv4_header (c, PIPV4_PASSTOS|PIPV4_MSSFIX|PIPV4_CLIENT_NAT, 
>c2.buf);
+  process_ip_header (c, PIPV4_PASSTOS|PIP_MSSFIX|PIPV4_CLIENT_NAT, 
>c2.buf);

 #ifdef PACKET_TRUNCATION_CHECK
   /* if (c->c2.buf.len > 1) --c->c2.buf.len; */
@@ -1009,10 +1009,10 @@ process_incoming_tun (struct context *c)
 }

 void
-process_ipv4_header (struct context *c, unsigned int flags, struct buffer *buf)
+process_ip_header (struct context *c, unsigned int flags, struct buffer *buf)
 {
   if (!c->options.ce.mssfix)
-flags &= ~PIPV4_MSSFIX;
+flags &= ~PIP_MSSFIX;
 #if PASSTOS_CAPABILITY
   if (!c->options.passtos)
 flags &= ~PIPV4_PASSTOS;
@@ -1027,9 +1027,9 @@ process_ipv4_header (struct context *c, unsigned int 
flags, struct buffer *buf)
* us to examine the IPv4 header.
*/
 #if PASSTOS_CAPABILITY
-  if (flags & (PIPV4_PASSTOS|PIPV4_MSSFIX))
+  if (flags & (PIPV4_PASSTOS|PIP_MSSFIX))
 #else
-  if (flags & PIPV4_MSSFIX)
+  if (flags & PIP_MSSFIX)
 #endif
{
  struct buffer ipbuf = *buf;
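Review bot: The comment kept as context at the top of this hunk still reads `us to examine the IPv4 header.`, although the block it introduces also handles IPv6 packets once this patch is applied. The matching comments in process_incoming_tun() and process_outgoing_tun() were changed to `us to examine the IP header (IPv4 or IPv6).`, and this one should read the same so the three stay consistent. The comment starts above the hunk, so only its last two lines are visible here.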
@@ -1042,8 +1042,8 @@ process_ipv4_header (struct context *c, unsigned int 
flags, struct buffer *buf)
 #endif

  /* possibly alter the TCP MSS */
- if (flags & PIPV4_MSSFIX)
-   mss_fixup (, MTU_TO_MSS (TUN_MTU_SIZE_DYNAMIC 
(>c2.frame)));
+ if (flags & PIP_MSSFIX)
+   mss_fixup_ipv4 (, MTU_TO_MSS (TUN_MTU_SIZE_DYNAMIC 
(>c2.frame)));

 #ifdef ENABLE_CLIENT_NAT
  /* possibly do NAT on packet */
@@ -1061,6 +1061,12 @@ process_ipv4_header (struct context *c, unsigned int 
flags, struct buffer *buf)
route_list_add_vpn_gateway (c->c1.route_list, c->c2.es, 
dhcp_router);
}
}
+ else if (is_ipv6 (TUNNEL_TYPE (c->c1.tuntap), ))
+   {
+ /* possibly alter the TCP MSS */
+ if (flags & PIP_MSSFIX)
+   mss_fixup_ipv6 (, MTU_TO_MSS (TUN_MTU_SIZE_DYNAMIC 
(>c2.frame)));
+   }
}
 }
 }
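Review bot: The added `else if (is_ipv6 (...))` branch passes the packet to mss_fixup_ipv6() with no length check visible at the call site, so safe handling of a truncated or malformed IPv6 packet depends entirely on is_ipv6() and mss_fixup_ipv6(), neither of which is in this hunk. process_ip_header() is called from both process_incoming_tun() and process_outgoing_tun(), and the latter appears to carry packets delivered by the remote peer, so those helpers should return quietly on a short buffer rather than assert or read past it. Separately, the call reuses the IPv4 path's `MTU_TO_MSS (TUN_MTU_SIZE_DYNAMIC (...))` value, whose definition is not visible here, even though the fixed IPv6 header is 20 bytes longer than a minimal IPv4 header. Unless mss_fixup_ipv6() subtracts that difference the clamp would be too large, and a comment at the call such as `/* maxmss is computed for IPv4; mss_fixup_ipv6() accounts for the larger IPv6 header */` would make the contract explicit. process_ip_header() begins outside this hunk.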
@@ -1217,9 +1223,9 @@ process_outgoing_tun (struct context *c)

   /*
* The --mssfix option requires
-   * us to examine the IPv4 header.
+   * us to examine the IP header (IPv4 or IPv6).
*/
-  process_ipv4_header (c, 
PIPV4_MSSFIX|PIPV4_EXTRACT_DHCP_ROUTER|PIPV4_CLIENT_NAT|PIPV4_OUTGOING, 
>c2.to_tun);
+  process_ip_header (c, 
PIP_MSSFIX|PIPV4_EXTRACT_DHCP_ROUTER|PIPV4_CLIENT_NAT|PIPV4_OUTGOING, 
>c2.to_tun);

   if (c->c2.to_tun.len <= MAX_RW_SIZE_TUN (>c2.frame))
 {
diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h
index 0f829bd..1830a00 100644
--- a/src/openvpn/forward.h
+++ b/src/openvpn/forward.h
@@ -228,12 +228,12 @@ void process_outgoing_tun (struct context *c);
 bool send_control_channel_string (struct context *c, const char *str, int 
msglevel);

 #define PIPV4_PASSTOS (1<<0)
-#define PIPV4_MSSFIX  (1<<1)
+#define PIP_MSSFIX(1<<1) /* v4 and v6 */
 #define PIPV4_OUTGOING(1<<2)
 #define PIPV4_EXTRACT_DHCP_ROUTER (1<<3)
 #define PIPV4_CLIENT_NAT  (1<<4)

-void process_ipv4_header (struct context *c, unsigned int flags, struct buffer 
*buf);
+void process_ip_header (struct context *c, unsigned int flags, struct buffer 
*buf);

 #if P2MP
 void schedule_exit (struct context *c, const int n_seconds, const int signal);
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 8981bad..64fd722 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -38,8 +38,13 @@
  * problems which arise from protocol
  * encapsulation.
  */
+
+/*
+ * IPv4 packet: find TCP header, check flags for "SYN"
+ *  if yes, hand to mss_fixup_dowork()
+ */
 void
-mss_fixup (struct buffer *buf, int maxmss)
+mss_fixup_ipv4 (struct buffer *buf, int maxmss)
 {
   const struct openvpn_iphdr *pip;
   int hlen;
@@ -69,6 +74,56 @@ mss_fixup (struct buffer *buf, int