* [PATCH 1/2] xt_TCPMSS:Get reserve mtu only when specifing option clamp-mss-to-pmtu
@ 2013-09-26 7:00 Gao feng
2013-09-26 7:00 ` [PATCH 2/2] xt_TCPMSS: lookup route in proper net namesapce Gao feng
2013-09-27 14:20 ` [PATCH 1/2] xt_TCPMSS:Get reserve mtu only when specifing option clamp-mss-to-pmtu Pablo Neira Ayuso
0 siblings, 2 replies; 4+ messages in thread
From: Gao feng @ 2013-09-26 7:00 UTC (permalink / raw)
To: netfilter-devel; +Cc: Gao feng
Don't get reserve mtu when user sepcifies the mss through
set-mss.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
net/netfilter/xt_TCPMSS.c | 70 ++++++++++++++++++++++++-----------------------
1 file changed, 36 insertions(+), 34 deletions(-)
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index cd24290..62776de 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -43,10 +43,41 @@ optlen(const u_int8_t *opt, unsigned int offset)
return opt[offset+1];
}
+static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
+ unsigned int family)
+{
+ struct flowi fl;
+ const struct nf_afinfo *ai;
+ struct rtable *rt = NULL;
+ u_int32_t mtu = ~0U;
+
+ if (family == PF_INET) {
+ struct flowi4 *fl4 = &fl.u.ip4;
+ memset(fl4, 0, sizeof(*fl4));
+ fl4->daddr = ip_hdr(skb)->saddr;
+ } else {
+ struct flowi6 *fl6 = &fl.u.ip6;
+
+ memset(fl6, 0, sizeof(*fl6));
+ fl6->daddr = ipv6_hdr(skb)->saddr;
+ }
+ rcu_read_lock();
+ ai = nf_get_afinfo(family);
+ if (ai != NULL)
+ ai->route(&init_net, (struct dst_entry **)&rt, &fl, false);
+ rcu_read_unlock();
+
+ if (rt != NULL) {
+ mtu = dst_mtu(&rt->dst);
+ dst_release(&rt->dst);
+ }
+ return mtu;
+}
+
static int
tcpmss_mangle_packet(struct sk_buff *skb,
const struct xt_action_param *par,
- unsigned int in_mtu,
+ unsigned int family,
unsigned int tcphoff,
unsigned int minlen)
{
@@ -76,6 +107,8 @@ tcpmss_mangle_packet(struct sk_buff *skb,
return -1;
if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
+ unsigned int in_mtu = tcpmss_reverse_mtu(skb, family);
+
if (dst_mtu(skb_dst(skb)) <= minlen) {
net_err_ratelimited("unknown or invalid path-MTU (%u)\n",
dst_mtu(skb_dst(skb)));
@@ -165,37 +198,6 @@ tcpmss_mangle_packet(struct sk_buff *skb,
return TCPOLEN_MSS;
}
-static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
- unsigned int family)
-{
- struct flowi fl;
- const struct nf_afinfo *ai;
- struct rtable *rt = NULL;
- u_int32_t mtu = ~0U;
-
- if (family == PF_INET) {
- struct flowi4 *fl4 = &fl.u.ip4;
- memset(fl4, 0, sizeof(*fl4));
- fl4->daddr = ip_hdr(skb)->saddr;
- } else {
- struct flowi6 *fl6 = &fl.u.ip6;
-
- memset(fl6, 0, sizeof(*fl6));
- fl6->daddr = ipv6_hdr(skb)->saddr;
- }
- rcu_read_lock();
- ai = nf_get_afinfo(family);
- if (ai != NULL)
- ai->route(&init_net, (struct dst_entry **)&rt, &fl, false);
- rcu_read_unlock();
-
- if (rt != NULL) {
- mtu = dst_mtu(&rt->dst);
- dst_release(&rt->dst);
- }
- return mtu;
-}
-
static unsigned int
tcpmss_tg4(struct sk_buff *skb, const struct xt_action_param *par)
{
@@ -204,7 +206,7 @@ tcpmss_tg4(struct sk_buff *skb, const struct xt_action_param *par)
int ret;
ret = tcpmss_mangle_packet(skb, par,
- tcpmss_reverse_mtu(skb, PF_INET),
+ PF_INET,
iph->ihl * 4,
sizeof(*iph) + sizeof(struct tcphdr));
if (ret < 0)
@@ -233,7 +235,7 @@ tcpmss_tg6(struct sk_buff *skb, const struct xt_action_param *par)
if (tcphoff < 0)
return NF_DROP;
ret = tcpmss_mangle_packet(skb, par,
- tcpmss_reverse_mtu(skb, PF_INET6),
+ PF_INET6,
tcphoff,
sizeof(*ipv6h) + sizeof(struct tcphdr));
if (ret < 0)
--
1.8.3.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] xt_TCPMSS: lookup route in proper net namesapce
2013-09-26 7:00 [PATCH 1/2] xt_TCPMSS:Get reserve mtu only when specifing option clamp-mss-to-pmtu Gao feng
@ 2013-09-26 7:00 ` Gao feng
2013-09-27 14:20 ` Pablo Neira Ayuso
2013-09-27 14:20 ` [PATCH 1/2] xt_TCPMSS:Get reserve mtu only when specifing option clamp-mss-to-pmtu Pablo Neira Ayuso
1 sibling, 1 reply; 4+ messages in thread
From: Gao feng @ 2013-09-26 7:00 UTC (permalink / raw)
To: netfilter-devel; +Cc: Gao feng
Otherwise the pmtu will be incorrect.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
net/netfilter/xt_TCPMSS.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 62776de..e762de5 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -43,7 +43,8 @@ optlen(const u_int8_t *opt, unsigned int offset)
return opt[offset+1];
}
-static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
+static u_int32_t tcpmss_reverse_mtu(struct net *net,
+ const struct sk_buff *skb,
unsigned int family)
{
struct flowi fl;
@@ -64,7 +65,7 @@ static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
rcu_read_lock();
ai = nf_get_afinfo(family);
if (ai != NULL)
- ai->route(&init_net, (struct dst_entry **)&rt, &fl, false);
+ ai->route(net, (struct dst_entry **)&rt, &fl, false);
rcu_read_unlock();
if (rt != NULL) {
@@ -107,7 +108,8 @@ tcpmss_mangle_packet(struct sk_buff *skb,
return -1;
if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
- unsigned int in_mtu = tcpmss_reverse_mtu(skb, family);
+ struct net *net = dev_net(par->in ? par->in : par->out);
+ unsigned int in_mtu = tcpmss_reverse_mtu(net, skb, family);
if (dst_mtu(skb_dst(skb)) <= minlen) {
net_err_ratelimited("unknown or invalid path-MTU (%u)\n",
--
1.8.3.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] xt_TCPMSS:Get reserve mtu only when specifing option clamp-mss-to-pmtu
2013-09-26 7:00 [PATCH 1/2] xt_TCPMSS:Get reserve mtu only when specifing option clamp-mss-to-pmtu Gao feng
2013-09-26 7:00 ` [PATCH 2/2] xt_TCPMSS: lookup route in proper net namesapce Gao feng
@ 2013-09-27 14:20 ` Pablo Neira Ayuso
1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-27 14:20 UTC (permalink / raw)
To: Gao feng; +Cc: netfilter-devel
On Thu, Sep 26, 2013 at 03:00:30PM +0800, Gao feng wrote:
> Don't get reserve mtu when user sepcifies the mss through
> set-mss.
I see, some refactoring to save some cycles and prepare net namespace.
Applied, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 2/2] xt_TCPMSS: lookup route in proper net namesapce
2013-09-26 7:00 ` [PATCH 2/2] xt_TCPMSS: lookup route in proper net namesapce Gao feng
@ 2013-09-27 14:20 ` Pablo Neira Ayuso
0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-27 14:20 UTC (permalink / raw)
To: Gao feng; +Cc: netfilter-devel
On Thu, Sep 26, 2013 at 03:00:31PM +0800, Gao feng wrote:
> Otherwise the pmtu will be incorrect.
Applied, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-09-27 14:20 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-26 7:00 [PATCH 1/2] xt_TCPMSS:Get reserve mtu only when specifing option clamp-mss-to-pmtu Gao feng
2013-09-26 7:00 ` [PATCH 2/2] xt_TCPMSS: lookup route in proper net namesapce Gao feng
2013-09-27 14:20 ` Pablo Neira Ayuso
2013-09-27 14:20 ` [PATCH 1/2] xt_TCPMSS:Get reserve mtu only when specifing option clamp-mss-to-pmtu Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).