FreeBSD kernel netgraph code
ng_tcpmss.c
Go to the documentation of this file.
1/*-
2 * ng_tcpmss.c
3 *
4 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
5 *
6 * Copyright (c) 2004, Alexey Popov <lollypop@flexuser.ru>
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice unmodified, this list of conditions, and the following
14 * disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * This software includes fragments of the following programs:
32 * tcpmssd Ruslan Ermilov <ru@FreeBSD.org>
33 *
34 * $FreeBSD$
35 */
36
37/*
38 * This node is netgraph tool for workaround of PMTUD problem. It acts
39 * like filter for IP packets. If configured, it reduces MSS of TCP SYN
40 * packets.
41 *
42 * Configuration can be done by sending NGM_TCPMSS_CONFIG message. The
43 * message sets filter for incoming packets on hook 'inHook'. Packet's
44 * TCP MSS field is lowered to 'maxMSS' parameter and resulting packet
45 * is sent to 'outHook'.
46 *
47 * XXX: statistics are updated not atomically, so they may broke on SMP.
48 */
49
50#include <sys/param.h>
51#include <sys/systm.h>
52#include <sys/endian.h>
53#include <sys/errno.h>
54#include <sys/kernel.h>
55#include <sys/malloc.h>
56#include <sys/mbuf.h>
57
58#include <netinet/in.h>
59#include <netinet/in_systm.h>
60#include <netinet/ip.h>
61#include <netinet/tcp.h>
62
63#include <netgraph/ng_message.h>
64#include <netgraph/netgraph.h>
65#include <netgraph/ng_parse.h>
66#include <netgraph/ng_tcpmss.h>
67
68/* Per hook info. */
69typedef struct {
70 hook_p outHook;
71 struct ng_tcpmss_hookstat stats;
72} *hpriv_p;
73
74/* Netgraph methods. */
75static ng_constructor_t ng_tcpmss_constructor;
76static ng_rcvmsg_t ng_tcpmss_rcvmsg;
77static ng_newhook_t ng_tcpmss_newhook;
78static ng_rcvdata_t ng_tcpmss_rcvdata;
79static ng_disconnect_t ng_tcpmss_disconnect;
80
81static int correct_mss(struct tcphdr *, int, uint16_t, int);
82
83/* Parse type for struct ng_tcpmss_hookstat. */
84static const struct ng_parse_struct_field ng_tcpmss_hookstat_type_fields[]
85 = NG_TCPMSS_HOOKSTAT_INFO;
86static const struct ng_parse_type ng_tcpmss_hookstat_type = {
87 &ng_parse_struct_type,
88 &ng_tcpmss_hookstat_type_fields
89};
90
91/* Parse type for struct ng_tcpmss_config. */
92static const struct ng_parse_struct_field ng_tcpmss_config_type_fields[]
93 = NG_TCPMSS_CONFIG_INFO;
94static const struct ng_parse_type ng_tcpmss_config_type = {
95 &ng_parse_struct_type,
96 ng_tcpmss_config_type_fields
97};
98
99/* List of commands and how to convert arguments to/from ASCII. */
100static const struct ng_cmdlist ng_tcpmss_cmds[] = {
101 {
102 NGM_TCPMSS_COOKIE,
103 NGM_TCPMSS_GET_STATS,
104 "getstats",
105 &ng_parse_hookbuf_type,
106 &ng_tcpmss_hookstat_type
107 },
108 {
109 NGM_TCPMSS_COOKIE,
110 NGM_TCPMSS_CLR_STATS,
111 "clrstats",
112 &ng_parse_hookbuf_type,
113 NULL
114 },
115 {
116 NGM_TCPMSS_COOKIE,
117 NGM_TCPMSS_GETCLR_STATS,
118 "getclrstats",
119 &ng_parse_hookbuf_type,
120 &ng_tcpmss_hookstat_type
121 },
122 {
123 NGM_TCPMSS_COOKIE,
124 NGM_TCPMSS_CONFIG,
125 "config",
126 &ng_tcpmss_config_type,
127 NULL
128 },
129 { 0 }
130};
131
132/* Netgraph type descriptor. */
133static struct ng_type ng_tcpmss_typestruct = {
134 .version = NG_ABI_VERSION,
135 .name = NG_TCPMSS_NODE_TYPE,
136 .constructor = ng_tcpmss_constructor,
137 .rcvmsg = ng_tcpmss_rcvmsg,
138 .newhook = ng_tcpmss_newhook,
139 .rcvdata = ng_tcpmss_rcvdata,
140 .disconnect = ng_tcpmss_disconnect,
141 .cmdlist = ng_tcpmss_cmds,
142};
143
144NETGRAPH_INIT(tcpmss, &ng_tcpmss_typestruct);
145#define ERROUT(x) { error = (x); goto done; }
146
147/*
148 * Node constructor. No special actions required.
149 */
150static int
151ng_tcpmss_constructor(node_p node)
152{
153 return (0);
154}
155
156/*
157 * Add a hook. Any unique name is OK.
158 */
159static int
160ng_tcpmss_newhook(node_p node, hook_p hook, const char *name)
161{
162 hpriv_p priv;
163
164 priv = malloc(sizeof(*priv), M_NETGRAPH, M_NOWAIT | M_ZERO);
165 if (priv == NULL)
166 return (ENOMEM);
167
168 NG_HOOK_SET_PRIVATE(hook, priv);
169
170 return (0);
171}
172
173/*
174 * Receive a control message.
175 */
176static int
177ng_tcpmss_rcvmsg
178(node_p node, item_p item, hook_p lasthook)
179{
180 struct ng_mesg *msg, *resp = NULL;
181 int error = 0;
182
183 NGI_GET_MSG(item, msg);
184
185 switch (msg->header.typecookie) {
186 case NGM_TCPMSS_COOKIE:
187 switch (msg->header.cmd) {
188 case NGM_TCPMSS_GET_STATS:
189 case NGM_TCPMSS_CLR_STATS:
190 case NGM_TCPMSS_GETCLR_STATS:
191 {
192 hook_p hook;
193 hpriv_p priv;
194
195 /* Check that message is long enough. */
196 if (msg->header.arglen != NG_HOOKSIZ)
197 ERROUT(EINVAL);
198
199 /* Find this hook. */
200 hook = ng_findhook(node, (char *)msg->data);
201 if (hook == NULL)
202 ERROUT(ENOENT);
203
204 priv = NG_HOOK_PRIVATE(hook);
205
206 /* Create response. */
207 if (msg->header.cmd != NGM_TCPMSS_CLR_STATS) {
208 NG_MKRESPONSE(resp, msg,
209 sizeof(struct ng_tcpmss_hookstat), M_NOWAIT);
210 if (resp == NULL)
211 ERROUT(ENOMEM);
212 bcopy(&priv->stats, resp->data,
213 sizeof(struct ng_tcpmss_hookstat));
214 }
215
216 if (msg->header.cmd != NGM_TCPMSS_GET_STATS)
217 bzero(&priv->stats,
218 sizeof(struct ng_tcpmss_hookstat));
219 break;
220 }
221 case NGM_TCPMSS_CONFIG:
222 {
223 struct ng_tcpmss_config *set;
224 hook_p in, out;
225 hpriv_p priv;
226
227 /* Check that message is long enough. */
228 if (msg->header.arglen !=
229 sizeof(struct ng_tcpmss_config))
230 ERROUT(EINVAL);
231
232 set = (struct ng_tcpmss_config *)msg->data;
233 in = ng_findhook(node, set->inHook);
234 out = ng_findhook(node, set->outHook);
235 if (in == NULL || out == NULL)
236 ERROUT(ENOENT);
237
238 /* Configure MSS hack. */
239 priv = NG_HOOK_PRIVATE(in);
240 priv->outHook = out;
241 priv->stats.maxMSS = set->maxMSS;
242
243 break;
244 }
245 default:
246 error = EINVAL;
247 break;
248 }
249 break;
250 default:
251 error = EINVAL;
252 break;
253 }
254
255done:
256 NG_RESPOND_MSG(error, node, item, resp);
257 NG_FREE_MSG(msg);
258
259 return (error);
260}
261
262/*
263 * Receive data on a hook, and hack MSS.
264 *
265 */
266static int
267ng_tcpmss_rcvdata(hook_p hook, item_p item)
268{
269 hpriv_p priv = NG_HOOK_PRIVATE(hook);
270 struct mbuf *m = NULL;
271 struct ip *ip;
272 struct tcphdr *tcp;
273 int iphlen, tcphlen, pktlen;
274 int pullup_len = 0;
275 int error = 0;
276
277 /* Drop packets if filter is not configured on this hook. */
278 if (priv->outHook == NULL)
279 goto done;
280
281 NGI_GET_M(item, m);
282
283 /* Update stats on incoming hook. */
284 pktlen = m->m_pkthdr.len;
285 priv->stats.Octets += pktlen;
286 priv->stats.Packets++;
287
288 /* Check whether we configured to fix MSS. */
289 if (priv->stats.maxMSS == 0)
290 goto send;
291
292#define M_CHECK(length) do { \
293 pullup_len += length; \
294 if ((m)->m_pkthdr.len < pullup_len) \
295 goto send; \
296 if ((m)->m_len < pullup_len && \
297 (((m) = m_pullup((m), pullup_len)) == NULL)) \
298 ERROUT(ENOBUFS); \
299 } while (0)
300
301 /* Check mbuf packet size and arrange for IP header. */
302 M_CHECK(sizeof(struct ip));
303 ip = mtod(m, struct ip *);
304
305 /* Check IP version. */
306 if (ip->ip_v != IPVERSION)
307 ERROUT(EINVAL);
308
309 /* Check IP header length. */
310 iphlen = ip->ip_hl << 2;
311 if (iphlen < sizeof(struct ip) || iphlen > pktlen )
312 ERROUT(EINVAL);
313
314 /* Check if it is TCP. */
315 if (!(ip->ip_p == IPPROTO_TCP))
316 goto send;
317
318 /* Check mbuf packet size and arrange for IP+TCP header */
319 M_CHECK(iphlen - sizeof(struct ip) + sizeof(struct tcphdr));
320 ip = mtod(m, struct ip *);
321 tcp = (struct tcphdr *)((caddr_t )ip + iphlen);
322
323 /* Check TCP header length. */
324 tcphlen = tcp->th_off << 2;
325 if (tcphlen < sizeof(struct tcphdr) || tcphlen > pktlen - iphlen)
326 ERROUT(EINVAL);
327
328 /* Check SYN packet and has options. */
329 if (!(tcp->th_flags & TH_SYN) || tcphlen == sizeof(struct tcphdr))
330 goto send;
331
332 /* Update SYN stats. */
333 priv->stats.SYNPkts++;
334
335 M_CHECK(tcphlen - sizeof(struct tcphdr));
336 ip = mtod(m, struct ip *);
337 tcp = (struct tcphdr *)((caddr_t )ip + iphlen);
338
339#undef M_CHECK
340
341 /* Fix MSS and update stats. */
342 if (correct_mss(tcp, tcphlen, priv->stats.maxMSS,
343 m->m_pkthdr.csum_flags))
344 priv->stats.FixedPkts++;
345
346send:
347 /* Deliver frame out destination hook. */
348 NG_FWD_NEW_DATA(error, item, priv->outHook, m);
349
350 return (error);
351
352done:
353 NG_FREE_ITEM(item);
354 NG_FREE_M(m);
355
356 return (error);
357}
358
359/*
360 * Hook disconnection.
361 * We must check all hooks, since they may reference this one.
362 */
363static int
364ng_tcpmss_disconnect(hook_p hook)
365{
366 node_p node = NG_HOOK_NODE(hook);
367 hook_p hook2;
368
369 LIST_FOREACH(hook2, &node->nd_hooks, hk_hooks) {
370 hpriv_p priv = NG_HOOK_PRIVATE(hook2);
371
372 if (priv->outHook == hook)
373 priv->outHook = NULL;
374 }
375
376 free(NG_HOOK_PRIVATE(hook), M_NETGRAPH);
377
378 if (NG_NODE_NUMHOOKS(NG_HOOK_NODE(hook)) == 0)
379 ng_rmnode_self(NG_HOOK_NODE(hook));
380
381 return (0);
382}
383
384/*
385 * Code from tcpmssd.
386 */
387
388/*-
389 * The following macro is used to update an
390 * internet checksum. "acc" is a 32-bit
391 * accumulation of all the changes to the
392 * checksum (adding in old 16-bit words and
393 * subtracting out new words), and "cksum"
394 * is the checksum value to be updated.
395 */
396#define TCPMSS_ADJUST_CHECKSUM(acc, cksum) do { \
397 acc += cksum; \
398 if (acc < 0) { \
399 acc = -acc; \
400 acc = (acc >> 16) + (acc & 0xffff); \
401 acc += acc >> 16; \
402 cksum = (u_short) ~acc; \
403 } else { \
404 acc = (acc >> 16) + (acc & 0xffff); \
405 acc += acc >> 16; \
406 cksum = (u_short) acc; \
407 } \
408} while (0);
409
410static int
411correct_mss(struct tcphdr *tc, int hlen, uint16_t maxmss, int flags)
412{
413 int olen, optlen;
414 u_char *opt;
415 int accumulate;
416 int res = 0;
417 uint16_t sum;
418
419 for (olen = hlen - sizeof(struct tcphdr), opt = (u_char *)(tc + 1);
420 olen > 0; olen -= optlen, opt += optlen) {
421 if (*opt == TCPOPT_EOL)
422 break;
423 else if (*opt == TCPOPT_NOP)
424 optlen = 1;
425 else {
426 optlen = *(opt + 1);
427 if (optlen <= 0 || optlen > olen)
428 break;
429 if (*opt == TCPOPT_MAXSEG) {
430 if (optlen != TCPOLEN_MAXSEG)
431 continue;
432 accumulate = be16dec(opt + 2);
433 if (accumulate > maxmss) {
434 if ((flags & CSUM_TCP) == 0) {
435 accumulate -= maxmss;
436 sum = be16dec(&tc->th_sum);
437 TCPMSS_ADJUST_CHECKSUM(accumulate, sum);
438 be16enc(&tc->th_sum, sum);
439 }
440 be16enc(opt + 2, maxmss);
441 res = 1;
442 }
443 }
444 }
445 }
446 return (res);
447}
flags
uint8_t flags
Definition: netflow.h:14
NG_HOOK_NODE
#define NG_HOOK_NODE(hook)
Definition: netgraph.h:339
NG_FREE_M
#define NG_FREE_M(m)
Definition: netgraph.h:946
ng_rcvmsg_t
int ng_rcvmsg_t(node_p node, item_p item, hook_p lasthook)
Definition: netgraph.h:105
ng_disconnect_t
int ng_disconnect_t(hook_p hook)
Definition: netgraph.h:107
NG_RESPOND_MSG
#define NG_RESPOND_MSG(error, here, item, resp)
Definition: netgraph.h:1025
NG_HOOK_SET_PRIVATE
#define NG_HOOK_SET_PRIVATE(hook, val)
Definition: netgraph.h:333
ng_rmnode_self
int ng_rmnode_self(node_p here)
Definition: ng_base.c:1609
NG_FWD_NEW_DATA
#define NG_FWD_NEW_DATA(error, item, hook, m)
Definition: netgraph.h:914
ng_rcvdata_t
int ng_rcvdata_t(hook_p hook, item_p item)
Definition: netgraph.h:106
NG_FREE_ITEM
#define NG_FREE_ITEM(item)
Definition: netgraph.h:847
ng_constructor_t
int ng_constructor_t(node_p node)
Definition: netgraph.h:99
NGI_GET_M
#define NGI_GET_M(i, m)
Definition: netgraph.h:852
NG_FREE_MSG
#define NG_FREE_MSG(msg)
Definition: netgraph.h:938
NG_ABI_VERSION
#define NG_ABI_VERSION
Definition: netgraph.h:77
NG_NODE_NUMHOOKS
#define NG_NODE_NUMHOOKS(node)
Definition: netgraph.h:615
NGI_GET_MSG
#define NGI_GET_MSG(i, m)
Definition: netgraph.h:858
ng_newhook_t
int ng_newhook_t(node_p node, hook_p hook, const char *name)
Definition: netgraph.h:102
ng_findhook
hook_p ng_findhook(node_p node, const char *name)
Definition: ng_base.c:1129
NG_HOOK_PRIVATE
#define NG_HOOK_PRIVATE(hook)
Definition: netgraph.h:336
hpriv_p
struct ng_ipfw_hook_priv * hpriv_p
Definition: ng_ipfw.c:101
ng_message.h
NG_MKRESPONSE
#define NG_MKRESPONSE(rsp, msg, len, how)
Definition: ng_message.h:396
NG_HOOKSIZ
#define NG_HOOKSIZ
Definition: ng_message.h:49
ng_parse_struct_type
const struct ng_parse_type ng_parse_struct_type
Definition: ng_parse.c:222
ng_parse_hookbuf_type
const struct ng_parse_type ng_parse_hookbuf_type
Definition: ng_parse.c:851
ng_parse.h
name
char *const name
Definition: ng_ppp.c:261
ng_tcpmss_newhook
static ng_newhook_t ng_tcpmss_newhook
Definition: ng_tcpmss.c:77
ng_tcpmss_hookstat_type_fields
static const struct ng_parse_struct_field ng_tcpmss_hookstat_type_fields[]
Definition: ng_tcpmss.c:85
ng_tcpmss_typestruct
static struct ng_type ng_tcpmss_typestruct
Definition: ng_tcpmss.c:133
ng_tcpmss_constructor
static ng_constructor_t ng_tcpmss_constructor
Definition: ng_tcpmss.c:75
ng_tcpmss_hookstat_type
static const struct ng_parse_type ng_tcpmss_hookstat_type
Definition: ng_tcpmss.c:86
ng_tcpmss_rcvmsg
static ng_rcvmsg_t ng_tcpmss_rcvmsg
Definition: ng_tcpmss.c:76
ng_tcpmss_disconnect
static ng_disconnect_t ng_tcpmss_disconnect
Definition: ng_tcpmss.c:79
correct_mss
static int correct_mss(struct tcphdr *, int, uint16_t, int)
Definition: ng_tcpmss.c:411
ng_tcpmss_config_type_fields
static const struct ng_parse_struct_field ng_tcpmss_config_type_fields[]
Definition: ng_tcpmss.c:93
ng_tcpmss_rcvdata
static ng_rcvdata_t ng_tcpmss_rcvdata
Definition: ng_tcpmss.c:78
ERROUT
#define ERROUT(x)
Definition: ng_tcpmss.c:145
M_CHECK
#define M_CHECK(length)
TCPMSS_ADJUST_CHECKSUM
#define TCPMSS_ADJUST_CHECKSUM(acc, cksum)
Definition: ng_tcpmss.c:396
ng_tcpmss_cmds
static const struct ng_cmdlist ng_tcpmss_cmds[]
Definition: ng_tcpmss.c:100
ng_tcpmss_config_type
static const struct ng_parse_type ng_tcpmss_config_type
Definition: ng_tcpmss.c:94
NETGRAPH_INIT
NETGRAPH_INIT(tcpmss, &ng_tcpmss_typestruct)
ng_tcpmss.h
NG_TCPMSS_CONFIG_INFO
#define NG_TCPMSS_CONFIG_INFO
Definition: ng_tcpmss.h:68
NGM_TCPMSS_COOKIE
#define NGM_TCPMSS_COOKIE
Definition: ng_tcpmss.h:39
NGM_TCPMSS_GET_STATS
@ NGM_TCPMSS_GET_STATS
Definition: ng_tcpmss.h:77
NGM_TCPMSS_CLR_STATS
@ NGM_TCPMSS_CLR_STATS
Definition: ng_tcpmss.h:78
NGM_TCPMSS_CONFIG
@ NGM_TCPMSS_CONFIG
Definition: ng_tcpmss.h:80
NGM_TCPMSS_GETCLR_STATS
@ NGM_TCPMSS_GETCLR_STATS
Definition: ng_tcpmss.h:79
NG_TCPMSS_HOOKSTAT_INFO
#define NG_TCPMSS_HOOKSTAT_INFO
Definition: ng_tcpmss.h:51
NG_TCPMSS_NODE_TYPE
#define NG_TCPMSS_NODE_TYPE
Definition: ng_tcpmss.h:38
hpriv_p
Definition: ng_tcpmss.c:69
hpriv_p::outHook
hook_p outHook
Definition: ng_tcpmss.c:70
ng_cmdlist
Definition: netgraph.h:1055
ng_hook
Definition: netgraph.h:116
ng_item
Definition: netgraph.h:635
ng_mesg::ng_msghdr::cmd
u_int32_t cmd
Definition: ng_message.h:63
ng_mesg::ng_msghdr::arglen
u_int32_t arglen
Definition: ng_message.h:62
ng_mesg::ng_msghdr::typecookie
u_int32_t typecookie
Definition: ng_message.h:66
ng_mesg
Definition: ng_message.h:57
ng_mesg::header
struct ng_mesg::ng_msghdr header
ng_mesg::data
char data[]
Definition: ng_message.h:69
ng_node
Definition: netgraph.h:365
ng_parse_struct_field
Definition: ng_parse.h:309
ng_parse_type
Definition: ng_parse.h:279
ng_tcpmss_config
Definition: ng_tcpmss.h:61
ng_tcpmss_config::inHook
char inHook[NG_HOOKSIZ]
Definition: ng_tcpmss.h:62
ng_tcpmss_config::maxMSS
uint16_t maxMSS
Definition: ng_tcpmss.h:64
ng_tcpmss_config::outHook
char outHook[NG_HOOKSIZ]
Definition: ng_tcpmss.h:63
ng_tcpmss_hookstat
Definition: ng_tcpmss.h:42
ng_type
Definition: netgraph.h:1076
ng_type::version
u_int32_t version
Definition: netgraph.h:1077
priv
Definition: ng_sscfu.c:66
priv::stats
struct stats stats
Definition: ng_sscop.c:98
stats
Definition: ng_sscop.c:74