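/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2000 Ruslan Ermilov and Brian Somers <brian@Awfulhak.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#include <sys/param.h>

#include <sys/socket.h>
#include <net/route.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#ifndef NOINET6
#include <netinet/ip6.h>
#endif
#include <netinet/tcp.h>
#include <sys/un.h>

#include <termios.h>

#include "layer.h"
#include "defs.h"
#include "log.h"
#include "timer.h"
#include "fsm.h"
#include "mbuf.h"
#include "throughput.h"
#include "lqr.h"
#include "hdlc.h"
#include "lcp.h"
#include "ccp.h"
#include "link.h"
#include "iplist.h"
#include "slcompress.h"
#include "ncpaddr.h"
#include "ipcp.h"
#include "filter.h"
#include "descriptor.h"
#include "mp.h"
#include "iface.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "ipv6cp.h"
#include "ncp.h"
#include "bundle.h"


/*-
 * Compute the MSS as described in RFC 6691.
 *
 * NOTE(review): sizeof makes this unsigned arithmetic, so an mtu smaller
 * than the combined header sizes would wrap instead of going negative, and
 * the result is then narrowed to the u_int16_t maxmss parameter of
 * MSSFixup() -- confirm the interface mtu is always large enough.
 */
#define MAXMSS4(mtu) ((mtu) - sizeof(struct ip) - sizeof(struct tcphdr))
#ifndef NOINET6
#define MAXMSS6(mtu) ((mtu) - sizeof(struct ip6_hdr) - sizeof(struct tcphdr))
#endif


/*-
 * The following macro is used to update an
 * internet checksum.  "acc" is a 32-bit
 * accumulation of all the changes to the
 * checksum (adding in old 16-bit words and
 * subtracting out new words), and "cksum"
 * is the checksum value to be updated.
 *
 * Both arguments are evaluated several times and assigned to, so they
 * must be plain lvalues without side effects.  The body is wrapped in
 * do { } while (0) so that the macro behaves as a single statement.
 */
#define ADJUST_CHECKSUM(acc, cksum) do { \
  acc += cksum; \
  if (acc < 0) { \
    acc = -acc; \
    acc = (acc >> 16) + (acc & 0xffff); \
    acc += acc >> 16; \
    cksum = (u_short) ~acc; \
  } else { \
    acc = (acc >> 16) + (acc & 0xffff); \
    acc += acc >> 16; \
    cksum = (u_short) acc; \
  } \
} while (0)

/*-
 * Clamp the MSS option of a TCP SYN segment to "maxmss".
 *
 * "tc" points at the TCP header and "pktlen" is the number of bytes that
 * are available starting at "tc".  The option list is walked entirely
 * inside the first "th_off * 4" bytes, and only when that header length
 * fits in "pktlen".  When an MSS option advertising more than "maxmss" is
 * found, the option is rewritten in place and th_sum is adjusted
 * incrementally.  Nothing is returned; malformed option lists simply stop
 * the walk.
 */
static void
MSSFixup(struct tcphdr *tc, size_t pktlen, u_int16_t maxmss)
{
  size_t hlen, olen, optlen;
  u_char *opt;
  u_int16_t *mss;
  int accumulate;

  hlen = tc->th_off << 2;

  /* Invalid header length or header without options. */
  if (hlen <= sizeof(struct tcphdr) || hlen > pktlen)
    return;

  /* MSS option only allowed within SYN packets. */
  if (!(tc->th_flags & TH_SYN))
    return;

  for (olen = hlen - sizeof(struct tcphdr), opt = (u_char *)(tc + 1);
       olen > 0; olen -= optlen, opt += optlen) {
    if (*opt == TCPOPT_EOL)
      break;
    else if (*opt == TCPOPT_NOP)
      optlen = 1;
    else {
      /*
       * Every option other than EOL and NOP carries a length byte.  With
       * a single byte left there is no length byte inside the option
       * area, so reading opt[1] would step past the TCP header (and past
       * the packet when hlen == pktlen).
       */
      if (olen < 2)
        break;
      optlen = *(opt + 1);
      /*
       * The length covers the kind and length bytes themselves, so any
       * value below 2 is malformed; a value above olen would run off the
       * end of the option area.
       */
      if (optlen < 2 || optlen > olen)
        break;
      if (*opt == TCPOPT_MAXSEG) {
        /* "continue" still runs the loop increment and skips this option. */
        if (optlen != TCPOLEN_MAXSEG)
          continue;
        /*
         * NOTE(review): opt + 2 is not guaranteed to be 2-byte aligned (a
         * preceding NOP shifts it by one), so this cast relies on the
         * platform tolerating unaligned 16-bit accesses -- confirm for
         * strict-alignment targets.  The incremental checksum delta below
         * likewise looks like it assumes the MSS value sits on a 16-bit
         * boundary of the TCP header -- verify for odd offsets.
         */
        mss = (u_int16_t *)(opt + 2);
        if (ntohs(*mss) > maxmss) {
          log_Printf(LogDEBUG, "MSS: %u -> %u\n",
                     ntohs(*mss), maxmss);
          /* old word in, new word out; both kept in network byte order */
          accumulate = *mss;
          *mss = htons(maxmss);
          accumulate -= *mss;
          ADJUST_CHECKSUM(accumulate, tc->th_sum);
        }
      }
    }
  }
}

/*-
 * Apply MSSFixup() to "bp" when OPT_TCPMSSFIXUP is enabled on "bundle".
 *
 * The packet is only touched when it is an IPv4 or IPv6 packet carrying
 * TCP, is not a non-initial fragment, and its length fields agree with the
 * mbuf length.  All header fields come from the packet itself, so every
 * offset is checked against "plen" before it is used.  The mbuf returned
 * by m_pullup() is returned to the caller in every case.
 */
static struct mbuf *
tcpmss_Check(struct bundle *bundle, struct mbuf *bp)
{
  struct ip *pip;
#ifndef NOINET6
  struct ip6_hdr *pip6;
  struct ip6_frag *pfrag;
#endif
  size_t hlen, plen;

  if (!Enabled(bundle, OPT_TCPMSSFIXUP))
    return bp;

  bp = m_pullup(bp);
  plen = m_length(bp);
  /* Too short to even hold the version nibble we switch on below. */
  if (plen < sizeof(struct ip))
    return bp;
  pip = (struct ip *)MBUF_CTOP(bp);

  switch (pip->ip_v) {
  case IPVERSION:
    /*
     * Check for MSS option only for TCP packets with zero fragment offsets
     * and correct total and header lengths.  A header length below
     * sizeof(struct ip) is invalid and would make the TCP header overlap
     * the IP header, so such packets are left untouched.
     */
    hlen = pip->ip_hl << 2;
    if (pip->ip_p == IPPROTO_TCP && (ntohs(pip->ip_off) & IP_OFFMASK) == 0 &&
        ntohs(pip->ip_len) == plen && hlen >= sizeof(struct ip) &&
        hlen <= plen && plen >= sizeof(struct tcphdr) + hlen)
      MSSFixup((struct tcphdr *)(MBUF_CTOP(bp) + hlen), plen - hlen,
               MAXMSS4(bundle->iface->mtu));
    break;
#ifndef NOINET6
  case IPV6_VERSION >> 4:
    /*
     * Check for MSS option only for TCP packets with no extension headers
     * or a single extension header which is a fragmentation header with
     * offset 0.  Furthermore require that the length field is correct.
     */
    if (plen < sizeof(struct ip6_hdr))
      break;
    pip6 = (struct ip6_hdr *)MBUF_CTOP(bp);
    if (ntohs(pip6->ip6_plen) + sizeof(struct ip6_hdr) != plen)
      break;
    /* hlen stays 0 unless a TCP header was located. */
    hlen = 0;
    switch (pip6->ip6_nxt) {
    case IPPROTO_TCP:
      hlen = sizeof(struct ip6_hdr);
      break;
    case IPPROTO_FRAGMENT:
      if (plen >= sizeof(struct ip6_frag) + sizeof(struct ip6_hdr)) {
        pfrag = (struct ip6_frag *)(MBUF_CTOP(bp) + sizeof(struct ip6_hdr));
        if (pfrag->ip6f_nxt == IPPROTO_TCP &&
            ntohs(pfrag->ip6f_offlg & IP6F_OFF_MASK) == 0)
          hlen = sizeof(struct ip6_hdr) + sizeof(struct ip6_frag);
      }
      break;
    }
    if (hlen > 0 && plen >= sizeof(struct tcphdr) + hlen)
      MSSFixup((struct tcphdr *)(MBUF_CTOP(bp) + hlen), plen - hlen,
               MAXMSS6(bundle->iface->mtu));
    break;
#endif
  default:
    log_Printf(LogDEBUG, "tcpmss_Check: Unknown IP family %u\n", pip->ip_v);
    break;
  }
  return bp;
}

/*-
 * Layer push hook: hands the packet to tcpmss_Check() and returns its
 * result.  The link, priority and protocol arguments are not used.
 */
static struct mbuf *
tcpmss_LayerPush(struct bundle *bundle, struct link *l __unused,
                 struct mbuf *bp, int pri __unused, u_short *proto __unused)
{
  return tcpmss_Check(bundle, bp);
}

/*-
 * Layer pull hook: hands the packet to tcpmss_Check() and returns its
 * result.  The link and protocol arguments are not used.
 */
static struct mbuf *
tcpmss_LayerPull(struct bundle *bundle, struct link *l __unused,
                 struct mbuf *bp, u_short *proto __unused)
{
  return tcpmss_Check(bundle, bp);
}

/* Layer descriptor exporting the push and pull hooks under the name "tcpmss". */
struct layer tcpmsslayer =
  { LAYER_PROTO, "tcpmss", tcpmss_LayerPush, tcpmss_LayerPull };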