Hi,
npppd(8) and pipex(4) can clamp TCP MSS independently of pf(4)
and so tweak the TCP checksum, too.
Substitute pf's algorithm to reduce the diversity of checksum-tweaking
algorithms in the tree.
Compiled but untested.
oks or test reports welcome (enable mss clamping by adding 'tcp-mss-adjust
yes' to npppd.conf tunnel spec).
Richard.
Index: sys/net/pipex.c
===================================================================
RCS file: /cvs/src/sys/net/pipex.c,v
retrieving revision 1.107
diff -u -p -u -p -r1.107 pipex.c
--- sys/net/pipex.c 31 Jan 2019 18:01:14 -0000 1.107
+++ sys/net/pipex.c 24 Jan 2020 21:46:22 -0000
@@ -2691,24 +2691,14 @@ pipex_ccp_output(struct pipex_session *s
#define TCP_OPTLEN_IN_SEGMENT 12 /* timestamp option and padding */
#define MAXMSS(mtu) (mtu - sizeof(struct ip) - sizeof(struct tcphdr) - \
TCP_OPTLEN_IN_SEGMENT)
-/*
- * The following macro is used to update an internet checksum. "acc" is a
- * 32-bit accumulation of all the changes to the checksum (adding in old
- * 16-bit words and subtracting out new words), and "cksum" is the checksum
- * value to be updated.
- */
-#define ADJUST_CHECKSUM(acc, cksum) { \
- acc += cksum; \
- if (acc < 0) { \
- acc = -acc; \
- acc = (acc >> 16) + (acc & 0xffff); \
- acc += acc >> 16; \
- cksum = (u_short) ~acc; \
- } else { \
- acc = (acc >> 16) + (acc & 0xffff); \
- acc += acc >> 16; \
- cksum = (u_short) acc; \
- } \
+
+static inline void
+in_cksum_fixup(u_int16_t *cksum, u_int16_t was, u_int16_t now)
+{
+ u_int32_t x;
+ x = *cksum + was - now;
+ x = (x + (x >> 16)) & 0xffff; // see pf_cksum_fixup()
+ *cksum = (u_int16_t)(x);
}
/*
@@ -2719,7 +2709,7 @@ pipex_ccp_output(struct pipex_session *s
Static struct mbuf *
adjust_tcp_mss(struct mbuf *m0, int mtu)
{
- int opt, optlen, acc, mss, maxmss, lpktp;
+ int opt, optlen, mss, maxmss, lpktp;
struct ip *pip;
struct tcphdr *th;
u_char *pktp, *mssp;
@@ -2772,9 +2762,7 @@ adjust_tcp_mss(struct mbuf *m0, int mtu)
PIPEX_DBG((NULL, LOG_DEBUG,
"change tcp-mss %d => %d", mss, maxmss));
PUTSHORT(maxmss, mssp);
- acc = htons(mss);
- acc -= htons(maxmss);
- ADJUST_CHECKSUM(acc, th->th_sum);
+ in_cksum_fixup(&th->th_sum, htons(mss),
htons(maxmss));
}
goto handled;
/* NOTREACHED */
Index: usr.sbin/npppd/npppd/npppd_subr.c
===================================================================
RCS file: /cvs/src/usr.sbin/npppd/npppd/npppd_subr.c,v
retrieving revision 1.20
diff -u -p -u -p -r1.20 npppd_subr.c
--- usr.sbin/npppd/npppd/npppd_subr.c 10 May 2019 01:29:31 -0000 1.20
+++ usr.sbin/npppd/npppd/npppd_subr.c 24 Jan 2020 21:46:26 -0000
@@ -451,24 +451,13 @@ in_addr_range_delete_route(struct in_add
* $FreeBSD: src/usr.sbin/ppp/tcpmss.c,v 1.1.4.3 2001/07/19 11:39:54 brian Exp
$
*/
-/*
- * The following macro is used to update an internet checksum. "acc" is a
- * 32-bit accumulation of all the changes to the checksum (adding in old
- * 16-bit words and subtracting out new words), and "cksum" is the checksum
- * value to be updated.
- */
-#define ADJUST_CHECKSUM(acc, cksum) { \
- acc += cksum; \
- if (acc < 0) { \
- acc = -acc; \
- acc = (acc >> 16) + (acc & 0xffff); \
- acc += acc >> 16; \
- cksum = (u_short) ~acc; \
- } else { \
- acc = (acc >> 16) + (acc & 0xffff); \
- acc += acc >> 16; \
- cksum = (u_short) acc; \
- } \
+static inline void
+in_cksum_fixup(u_int16_t *cksum, u_int16_t was, u_int16_t now)
+{
+ u_int32_t x;
+ x = *cksum + was - now;
+ x = (x + (x >> 16)) & 0xffff; // see pf_cksum_fixup()
+ *cksum = (u_int16_t)(x);
}
/**
@@ -481,7 +470,7 @@ in_addr_range_delete_route(struct in_add
int
adjust_tcp_mss(u_char *pktp, int lpktp, int mtu)
{
- int opt, optlen, acc, ip_off, mss, maxmss;
+ int opt, optlen, ip_off, mss, maxmss;
struct ip *pip;
struct tcphdr *th;
@@ -523,9 +512,7 @@ adjust_tcp_mss(u_char *pktp, int lpktp,
if (mss > maxmss) {
pktp-=2;
PUTSHORT(maxmss, pktp);
- acc = htons(mss);
- acc -= htons(maxmss);
- ADJUST_CHECKSUM(acc, th->th_sum);
+ in_cksum_fixup(&th->th_sum, htons(mss),
htons(maxmss));
}
return 0;
/* NOTREACHED */
