[PATCH 1/2] xt_TCPMSS：Get reserve mtu only when specifing option clamp-mss-to-pmtu

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH 1/2] xt_TCPMSS：Get reserve mtu only when specifing option clamp-mss-to-pmtu
@ 2013-09-26  7:00 Gao feng
  2013-09-26  7:00 ` [PATCH 2/2] xt_TCPMSS: lookup route in proper net namesapce Gao feng
  2013-09-27 14:20 ` [PATCH 1/2] xt_TCPMSS：Get reserve mtu only when specifing option clamp-mss-to-pmtu Pablo Neira Ayuso
  0 siblings, 2 replies; 4+ messages in thread
From: Gao feng @ 2013-09-26  7:00 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Gao feng

Don't get reserve mtu when user sepcifies the mss through
set-mss.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 net/netfilter/xt_TCPMSS.c | 70 ++++++++++++++++++++++++-----------------------
 1 file changed, 36 insertions(+), 34 deletions(-)

diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index cd24290..62776de 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -43,10 +43,41 @@ optlen(const u_int8_t *opt, unsigned int offset)
 		return opt[offset+1];
 }
 
+static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
+				    unsigned int family)
+{
+	struct flowi fl;
+	const struct nf_afinfo *ai;
+	struct rtable *rt = NULL;
+	u_int32_t mtu     = ~0U;
+
+	if (family == PF_INET) {
+		struct flowi4 *fl4 = &fl.u.ip4;
+		memset(fl4, 0, sizeof(*fl4));
+		fl4->daddr = ip_hdr(skb)->saddr;
+	} else {
+		struct flowi6 *fl6 = &fl.u.ip6;
+
+		memset(fl6, 0, sizeof(*fl6));
+		fl6->daddr = ipv6_hdr(skb)->saddr;
+	}
+	rcu_read_lock();
+	ai = nf_get_afinfo(family);
+	if (ai != NULL)
+		ai->route(&init_net, (struct dst_entry **)&rt, &fl, false);
+	rcu_read_unlock();
+
+	if (rt != NULL) {
+		mtu = dst_mtu(&rt->dst);
+		dst_release(&rt->dst);
+	}
+	return mtu;
+}
+
 static int
 tcpmss_mangle_packet(struct sk_buff *skb,
 		     const struct xt_action_param *par,
-		     unsigned int in_mtu,
+		     unsigned int family,
 		     unsigned int tcphoff,
 		     unsigned int minlen)
 {
@@ -76,6 +107,8 @@ tcpmss_mangle_packet(struct sk_buff *skb,
 		return -1;
 
 	if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
+		unsigned int in_mtu = tcpmss_reverse_mtu(skb, family);
+
 		if (dst_mtu(skb_dst(skb)) <= minlen) {
 			net_err_ratelimited("unknown or invalid path-MTU (%u)\n",
 					    dst_mtu(skb_dst(skb)));
@@ -165,37 +198,6 @@ tcpmss_mangle_packet(struct sk_buff *skb,
 	return TCPOLEN_MSS;
 }
 
-static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
-				    unsigned int family)
-{
-	struct flowi fl;
-	const struct nf_afinfo *ai;
-	struct rtable *rt = NULL;
-	u_int32_t mtu     = ~0U;
-
-	if (family == PF_INET) {
-		struct flowi4 *fl4 = &fl.u.ip4;
-		memset(fl4, 0, sizeof(*fl4));
-		fl4->daddr = ip_hdr(skb)->saddr;
-	} else {
-		struct flowi6 *fl6 = &fl.u.ip6;
-
-		memset(fl6, 0, sizeof(*fl6));
-		fl6->daddr = ipv6_hdr(skb)->saddr;
-	}
-	rcu_read_lock();
-	ai = nf_get_afinfo(family);
-	if (ai != NULL)
-		ai->route(&init_net, (struct dst_entry **)&rt, &fl, false);
-	rcu_read_unlock();
-
-	if (rt != NULL) {
-		mtu = dst_mtu(&rt->dst);
-		dst_release(&rt->dst);
-	}
-	return mtu;
-}
-
 static unsigned int
 tcpmss_tg4(struct sk_buff *skb, const struct xt_action_param *par)
 {
@@ -204,7 +206,7 @@ tcpmss_tg4(struct sk_buff *skb, const struct xt_action_param *par)
 	int ret;
 
 	ret = tcpmss_mangle_packet(skb, par,
-				   tcpmss_reverse_mtu(skb, PF_INET),
+				   PF_INET,
 				   iph->ihl * 4,
 				   sizeof(*iph) + sizeof(struct tcphdr));
 	if (ret < 0)
@@ -233,7 +235,7 @@ tcpmss_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 	if (tcphoff < 0)
 		return NF_DROP;
 	ret = tcpmss_mangle_packet(skb, par,
-				   tcpmss_reverse_mtu(skb, PF_INET6),
+				   PF_INET6,
 				   tcphoff,
 				   sizeof(*ipv6h) + sizeof(struct tcphdr));
 	if (ret < 0)
-- 
1.8.3.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [PATCH 2/2] xt_TCPMSS: lookup route in proper net namesapce
  2013-09-26  7:00 [PATCH 1/2] xt_TCPMSS：Get reserve mtu only when specifing option clamp-mss-to-pmtu Gao feng
@ 2013-09-26  7:00 ` Gao feng
  2013-09-27 14:20   ` Pablo Neira Ayuso
  2013-09-27 14:20 ` [PATCH 1/2] xt_TCPMSS：Get reserve mtu only when specifing option clamp-mss-to-pmtu Pablo Neira Ayuso
  1 sibling, 1 reply; 4+ messages in thread
From: Gao feng @ 2013-09-26  7:00 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Gao feng

Otherwise the pmtu will be incorrect.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 net/netfilter/xt_TCPMSS.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 62776de..e762de5 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -43,7 +43,8 @@ optlen(const u_int8_t *opt, unsigned int offset)
 		return opt[offset+1];
 }
 
-static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
+static u_int32_t tcpmss_reverse_mtu(struct net *net,
+				    const struct sk_buff *skb,
 				    unsigned int family)
 {
 	struct flowi fl;
@@ -64,7 +65,7 @@ static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
 	rcu_read_lock();
 	ai = nf_get_afinfo(family);
 	if (ai != NULL)
-		ai->route(&init_net, (struct dst_entry **)&rt, &fl, false);
+		ai->route(net, (struct dst_entry **)&rt, &fl, false);
 	rcu_read_unlock();
 
 	if (rt != NULL) {
@@ -107,7 +108,8 @@ tcpmss_mangle_packet(struct sk_buff *skb,
 		return -1;
 
 	if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
-		unsigned int in_mtu = tcpmss_reverse_mtu(skb, family);
+		struct net *net = dev_net(par->in ? par->in : par->out);
+		unsigned int in_mtu = tcpmss_reverse_mtu(net, skb, family);
 
 		if (dst_mtu(skb_dst(skb)) <= minlen) {
 			net_err_ratelimited("unknown or invalid path-MTU (%u)\n",
-- 
1.8.3.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH 2/2] xt_TCPMSS: lookup route in proper net namesapce
  2013-09-26  7:00 ` [PATCH 2/2] xt_TCPMSS: lookup route in proper net namesapce Gao feng
@ 2013-09-27 14:20   ` Pablo Neira Ayuso
  0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-27 14:20 UTC (permalink / raw)
  To: Gao feng; +Cc: netfilter-devel

On Thu, Sep 26, 2013 at 03:00:31PM +0800, Gao feng wrote:
> Otherwise the pmtu will be incorrect.

Applied, thanks.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 1/2] xt_TCPMSS：Get reserve mtu only when specifing option clamp-mss-to-pmtu
  2013-09-26  7:00 [PATCH 1/2] xt_TCPMSS：Get reserve mtu only when specifing option clamp-mss-to-pmtu Gao feng
  2013-09-26  7:00 ` [PATCH 2/2] xt_TCPMSS: lookup route in proper net namesapce Gao feng
@ 2013-09-27 14:20 ` Pablo Neira Ayuso
  1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-27 14:20 UTC (permalink / raw)
  To: Gao feng; +Cc: netfilter-devel

On Thu, Sep 26, 2013 at 03:00:30PM +0800, Gao feng wrote:
> Don't get reserve mtu when user sepcifies the mss through
> set-mss.

I see, some refactoring to save some cycles and prepare net namespace.

Applied, thanks.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2013-09-27 14:20 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-26  7:00 [PATCH 1/2] xt_TCPMSS：Get reserve mtu only when specifing option clamp-mss-to-pmtu Gao feng
2013-09-26  7:00 ` [PATCH 2/2] xt_TCPMSS: lookup route in proper net namesapce Gao feng
2013-09-27 14:20   ` Pablo Neira Ayuso
2013-09-27 14:20 ` [PATCH 1/2] xt_TCPMSS：Get reserve mtu only when specifing option clamp-mss-to-pmtu Pablo Neira Ayuso

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.