diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2012-11-01 07:55:57 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2012-11-01 07:55:57 +0000 |
| commit | 3e894385f9270ed9b5e48e20e90bb2039e96480b (patch) | |
| tree | 95d1f777b809073048e099140897afb666a2fe8f /sys/net/pf_norm.c | |
| parent | 8b9044e72499aee42f7fe82a72015b3e02b99652 (diff) | |
redo most of the protocol (tcp/udp/...) checksum handling
-assume we have hardware checksum offloading. stop mucking with the
checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output pathes, very late, if we figure out the outbound interface
doesn't have hw cksum offloading, do the cksum in software. this especially
makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
loses its disgusting shortcut hacks, but at least it's in one place now
and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.
ok camield sthen claudio, testing by many, thanks!
Diffstat (limited to 'sys/net/pf_norm.c')
| -rw-r--r-- | sys/net/pf_norm.c | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index 5363366fb9f..46c1635d0ec 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,8 +1,8 @@ -/* $OpenBSD: pf_norm.c,v 1.155 2012/10/30 12:09:05 florian Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.156 2012/11/01 07:55:56 henning Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> - * Copyright 2009 Henning Brauer <henning@openbsd.org> + * Copyright 2009 - 2012 Henning Brauer <henning@openbsd.org> * Copyright 2011 Alexander Bluhm <bluhm@openbsd.org> * All rights reserved. * @@ -869,20 +869,20 @@ pf_normalize_tcp(struct pf_pdesc *pd) th->th_x2 = 0; nv = *(u_int16_t *)(&th->th_ack + 1); - th->th_sum = pf_cksum_fixup(th->th_sum, ov, nv, 0); rewrite = 1; } /* Remove urgent pointer, if TH_URG is not set */ if (!(flags & TH_URG) && th->th_urp) { - th->th_sum = pf_cksum_fixup(th->th_sum, th->th_urp, 0, 0); th->th_urp = 0; rewrite = 1; } /* copy back packet headers if we sanitized */ - if (rewrite) + if (rewrite) { + pf_cksum(pd, pd->m); m_copyback(pd->m, pd->off, sizeof(*th), th, M_NOWAIT); + } return (PF_PASS); @@ -1075,10 +1075,8 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd, u_short *reason, PFSS_TIMESTAMP)) { tsval = ntohl(tsval); pf_change_a(&opt[2], - &th->th_sum, htonl(tsval + - src->scrub->pfss_ts_mod), - 0); + src->scrub->pfss_ts_mod)); copyback = 1; } @@ -1091,8 +1089,7 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd, u_short *reason, tsecr = ntohl(tsecr) - dst->scrub->pfss_ts_mod; pf_change_a(&opt[6], - &th->th_sum, htonl(tsecr), - 0); + htonl(tsecr)); copyback = 1; } got_ts = 1; @@ -1422,12 +1419,11 @@ pf_normalize_mss(struct pf_pdesc *pd, u_int16_t maxmss) case TCPOPT_MAXSEG: bcopy((caddr_t)(optp + 2), (caddr_t)&mss, 2); if (ntohs(mss) > maxmss) { - th->th_sum = pf_cksum_fixup(th->th_sum, - mss, htons(maxmss), 0); mss = htons(maxmss); m_copyback(pd->m, pd->off + sizeof(*th) + optp + 2 - opts, 2, &mss, M_NOWAIT); + pf_cksum(pd, pd->m); m_copyback(pd->m, pd->off, sizeof(*th), th, M_NOWAIT); } @@ -1437,8 +1433,6 @@ pf_normalize_mss(struct pf_pdesc *pd, u_int16_t maxmss) } } - - return (0); } |