From: Patrick McHardy <kaber@trash.net>
To: Sven Schnelle <svens@bitebene.org>
Cc: Jan Engelhardt <jengelh@computergmbh.de>,
netfilter-devel@vger.kernel.org
Subject: Re: [RFC] TCPOPTSTRIP target
Date: Sat, 29 Sep 2007 16:33:01 +0200 [thread overview]
Message-ID: <46FE621D.4080502@trash.net> (raw)
In-Reply-To: <87tzpd266j.fsf@begreifnix.intranet.astaro.de>
Sven Schnelle wrote:
> Patrick McHardy <kaber@trash.net> writes:
>
>
>>Jan Engelhardt wrote:
>>
>>>Since I had nothing better to do, I did a cleanup :)
>>
>>Great :) My main question is what the use case of this is.
>
>
> Main intention for writing this module was to strip of TCP Options from
> the SYN packets sent by some Hosts - for example Hosts that are
> announcing that they can do window scaling, but in fact some broken
> implementation/routers inbetween are preventing this. Simply stripping
> of these Option allows communicating with such device, without the need
> to disable window scaling kernel-wide.
>
> The first version was only stripping the Windows scaling option, but it
> may be useful for other cases - so i decided to make the stripped option
> configurable.
Sounds reasonable.
>>Please use the generic checksumming helpers.
>
>
> something like this?:
>
> + if (opt[i] == tinfo->tcpoption) {
> + for(j = 0; j < optl; j++) {
> + o = opt[i+j];
> + n = TCPOPT_NOP;
> + if ((i + j) % 2 == 0) {
> + o <<= 8;
> + n <<= 8;
> + }
> + nf_proto_csum_replace2(&tcph->check, *pskb,
> + htons(o), htons(n), 0);
> + }
> + memset(opt+i, TCPOPT_NOP, optl);
> + }
>
> As i'm currently travelling, i can't test the code above - will do the
> end of next week, and resubmit.
I'm not sure what the loop is doing exactly (still at my first
coffee :), but yes, I meant using nf_proto_csum*.
>>>+ memset(opt+i, newopt, optl);
>>
>>
>>For TCPOPTSTRIP I would expect either real stripping or replacement
>>by TCPOPT_NOP. In which cases does replacement by something else
>>make sense?
>
>
> It does replacement by TCPOPT_NOP - the newopt is a const
> TCPOPT_NOP. But i've changed this with the checksum code above.
> Of course we can choose another name which describes the task of this
> target better - didn't care much about it the name in the first case.
Actually I only misread the code, I thought newopt was configurable.
> I think replacing the TCP Option by nop is cheaper than moving all
> remaining options.
Agreed, that sounds fine.
next prev parent reply other threads:[~2007-09-29 14:33 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-09-28 6:56 [RFC] TCPOPTSTRIP target Sven Schnelle
2007-09-28 14:16 ` Jan Engelhardt
2007-09-28 14:44 ` Jan Engelhardt
2007-09-28 14:57 ` Jan Engelhardt
2007-09-28 15:02 ` Patrick McHardy
2007-09-28 15:33 ` Jan Engelhardt
2007-09-28 15:34 ` Jan Engelhardt
2007-09-28 15:44 ` Patrick McHardy
2007-09-28 16:04 ` Jan Engelhardt
2007-09-28 16:07 ` Patrick McHardy
2007-09-29 9:04 ` Sven Schnelle
2007-09-29 9:16 ` Jan Engelhardt
2007-09-29 14:33 ` Patrick McHardy [this message]
2007-09-29 17:23 ` Krzysztof Oledzki
2007-10-02 14:09 ` Sven Schnelle
2007-10-02 17:32 ` [RFC] TCPOPTSTRIP target (netfilter) Jan Engelhardt
2007-10-02 17:56 ` Krzysztof Oledzki
2007-10-02 17:57 ` Jan Engelhardt
2007-10-02 18:01 ` Jan Engelhardt
2007-10-04 5:04 ` Patrick McHardy
2007-10-02 14:09 ` [RFC] TCPOPTSTRIP target Sven Schnelle
2007-10-02 14:20 ` Sven Schnelle
2007-10-02 17:49 ` Krzysztof Oledzki
2007-10-02 17:51 ` [RFC] TCPOPTSTRIP target (iptables) Jan Engelhardt
2007-10-06 14:10 ` Sven Schnelle
2007-10-06 14:33 ` Jan Engelhardt
2007-10-06 14:53 ` Sven Schnelle
2007-10-06 15:00 ` [PATCH] xt_TCPOPTSTRIP 20071006 (kernel) Jan Engelhardt
2007-10-06 15:19 ` Sven Schnelle
2007-10-06 15:21 ` Jan Engelhardt
2007-10-08 5:05 ` Patrick McHardy
2007-10-08 5:00 ` Patrick McHardy
2007-10-08 7:58 ` Sven Schnelle
2007-10-08 8:20 ` Patrick McHardy
2007-10-08 15:55 ` Jan Engelhardt
2007-10-08 16:27 ` Patrick McHardy
2007-10-08 16:42 ` Jan Engelhardt
2007-10-06 15:01 ` [PATCH] TCPOPTSTRIP 20071006 (iptables) Jan Engelhardt
2007-10-06 15:37 ` Krzysztof Oledzki
2007-10-06 15:52 ` [PATCH 1/1] TCPOPTSTRIP 20071006 descriptions (iptables) Jan Engelhardt
2007-10-08 8:22 ` [PATCH] TCPOPTSTRIP 20071006 (iptables) Patrick McHardy
2007-09-29 9:05 ` [RFC] TCPOPTSTRIP target Sven Schnelle
2007-10-02 17:22 ` Sven Schnelle
2007-10-02 17:31 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46FE621D.4080502@trash.net \
--to=kaber@trash.net \
--cc=jengelh@computergmbh.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=svens@bitebene.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.