diff options
author | ru <ru@FreeBSD.org> | 2004-06-12 02:52:39 +0800 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 2004-06-12 02:52:39 +0800 |
commit | 9b014a6e2be3da3b127ffc6c52b5abb26e24116e (patch) | |
tree | 42c2f2f8503548bb8acd1879606447abe22d333e /net/tcpmssd/src | |
parent | ab400d7014b2e848de365025c7f3e5633444b5d5 (diff) | |
download | freebsd-ports-gnome-9b014a6e2be3da3b127ffc6c52b5abb26e24116e.tar.gz freebsd-ports-gnome-9b014a6e2be3da3b127ffc6c52b5abb26e24116e.tar.zst freebsd-ports-gnome-9b014a6e2be3da3b127ffc6c52b5abb26e24116e.zip |
Keep sources directly in the tree.
Diffstat (limited to 'net/tcpmssd/src')
-rw-r--r-- | net/tcpmssd/src/tcpmssd.8 | 95 | ||||
-rw-r--r-- | net/tcpmssd/src/tcpmssd.c | 381 |
2 files changed, 476 insertions, 0 deletions
diff --git a/net/tcpmssd/src/tcpmssd.8 b/net/tcpmssd/src/tcpmssd.8 new file mode 100644 index 000000000000..0fc6f105e631 --- /dev/null +++ b/net/tcpmssd/src/tcpmssd.8 @@ -0,0 +1,95 @@ +.\" $Id: tcpmssd.8,v 1.1 2000/07/17 17:58:03 ru Exp $ +.Dd July 17, 2000 +.Dt TCPMSSD 8 +.Os FreeBSD +.Sh NAME +.Nm tcpmssd +.Nd TCP Maximum Segment Size option corrector +.Sh SYNOPSIS +.Nm +.Op Fl v +.Fl p Ar port +.Eo \&{ +.Fl i Ar iface | Fl m Ar mtu +.Ec \&} +.Sh DESCRIPTION +.Nm +is a program that adjusts outgoing TCP SYN packets so that the maximum +receive segment size is not greater than the amount allowed by the +interface MTU. +.Pp +This is necessary in many setups to avoid problems caused by routers that +drop ICMP +.Dq Datagram Too Big +messages, thus breaking Path MTU discovery algorithm (RFC 1191). +Without these messages, the originating machine sends data, it passes +the rogue router then hits a machine that has an MTU that is not big +enough for the data. +Because the IP +.Dq don't fragment +option is set, this machine sends an ICMP +.Dq Datagram Too Big +message back to the originator and drops the packet. +The rogue router drops the ICMP and the originator never gets to +discover that it must reduce the Path MTU value or exclude the IP +.Dq don't fragment +option from its outgoing data. +.Pp +.Nm +normally runs in the background as a daemon. +It intercepts TCP packets +from a +.Xr divert 4 +socket bound to the +.Ar port +specified with the +.Fl p +option and reduces the value of TCP MSS option if necessary so that +the incoming TCP messages will pass through this host without need to +send ICMP +.Dq Datagram Too Big +messages. +.Pp +The maximum value for the TCP MSS option is determined based on a MTU +given either as an absolute value with the +.Fl m +option or derived from a network interface specified with the +.Fl i +option. +.Pp +If run with the +.Fl v +option, +.Nm +does not detach from its controlling terminal and writes various diagnostic +messages to the standard error output. +.Pp +The following steps are necessary to run +.Nm No : +.Bl -enum +.It +Build your kernel with the following options: +.Bd -literal -offset indent +options IPFIREWALL +options IPDIVERT +.Ed +.Pp +Refer to the Handbook for detailed instructions on building a custom +kernel. +.It +Make sure to redirect TCP traffic to the +.Xr divert 4 +port +.Ar port . +Refer to the +.Xr ipfw 8 +manual page for details. +.El +.Sh SEE ALSO +.Xr divert 4 , +.Xr ipfw 8 . +.Sh AUTHORS +This program was written by +.An Ruslan Ermilov Aq ru@FreeBSD.org +based on work done by +.An Patrick Bihan-Faou Aq patrick@mindstep.com . diff --git a/net/tcpmssd/src/tcpmssd.c b/net/tcpmssd/src/tcpmssd.c new file mode 100644 index 000000000000..5eacff430e87 --- /dev/null +++ b/net/tcpmssd/src/tcpmssd.c @@ -0,0 +1,381 @@ +/*- + * Copyright (c) 2000 Ruslan Ermilov + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: tcpmssd.c,v 1.5 2000/07/17 17:57:24 ru Exp $ + */ + +#include <sys/param.h> +#include <sys/socket.h> +#include <sys/sysctl.h> +#include <net/if.h> +#include <net/if_dl.h> +#include <net/route.h> +#include <netinet/in_systm.h> +#include <netinet/in.h> +#include <netinet/ip.h> +#include <netinet/tcp.h> +#include <err.h> +#include <errno.h> +#include <paths.h> +#include <signal.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +static void correct_mss(struct tcphdr *, ssize_t len, u_int16_t); +static int if_mtu(const char *, u_long *); +static void sigterm_handler(int); +static void usage(void); + +int verbose; +char pidfilename[MAXPATHLEN]; + +/*- + * We are in liberal position about MSS + * (RFC 879, section 7). + */ +#define MAXMSS(mtu) (mtu - sizeof(struct ip) - sizeof(struct tcphdr)) + +int +main(int argc, char *argv[]) +{ + char pkt[IP_MAXPACKET]; + ssize_t pktlen, hlen; + struct ip *pip = (struct ip *)pkt; + struct sockaddr_in sin; + socklen_t sinlen; + int s; + int mflag; + u_long mtu; + u_int16_t maxmss; + int rtsock; + int ifindex; + int pflag; + u_short port; + int ch; + fd_set fdset; + + mflag = pflag = 0; + port = 0; /* XXX gcc -Wuninitialized */ + ifindex = 0; + rtsock = -1; + + while ((ch = getopt(argc, argv, "i:m:p:v")) != -1) + switch (ch) { + case 'i': + if (!(ifindex = if_mtu(optarg, &mtu))) { + errx(1, "unknown interface %s", optarg); + /* NOTREACHED */ + } + snprintf(pidfilename, sizeof pidfilename, + "%stcpmssd.%s.pid", _PATH_VARRUN, optarg); + break; + case 'm': + if ((mtu = atoi(optarg)) < 68) { + errx(1, "invalid MTU value"); + /* NOTREACHED */ + } + mflag++; + break; + case 'p': + port = htons(atoi(optarg)); + pflag++; + break; + case 'v': + verbose = 1; + break; + case '?': + default: + usage(); + /* NOTREACHED */ + } + argc -= optind; + argv += optind; + + if (!(!mflag - !ifindex) || !pflag || argc) { + usage(); + /* NOTREACHED */ + } + + if ((s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT)) == -1) { + err(1, "can't create divert socket"); + /* NOTREACHED */ + } + + bzero(&sin, sizeof(sin)); + sin.sin_family = PF_INET; + sin.sin_addr.s_addr = INADDR_ANY; + sin.sin_port = port; + + if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) == -1) { + err(1, "can't bind divert socket"); + /* NOTREACHED */ + } + + if (ifindex) + if ((rtsock = socket(PF_ROUTE, SOCK_RAW, 0)) == -1) { + err(1, "can't create routing socket"); + /* NOTREACHED */ + } + + maxmss = MAXMSS(mtu); + if (verbose) + fprintf(stderr, "Maximum MSS: %u\n", maxmss); + + if (!verbose) + if (daemon(0, 0) == -1) { + err(1, "can't daemonize"); + /* NOTREACHED */ + } + + if (ifindex) { + FILE *pidfile; + + pidfile = fopen(pidfilename, "w"); + if (pidfile != NULL) { + fprintf(pidfile, "%d\n", (int)getpid()); + fclose(pidfile); + if (signal(SIGTERM, sigterm_handler) == SIG_ERR) { + err(1, "can't install SIGTERM handler"); + /* NOTREACHED */ + } + } + } + + while (1) { + FD_ZERO(&fdset); + FD_SET(s, &fdset); + if (rtsock != -1) + FD_SET(rtsock, &fdset); + + if (select(32, &fdset, (fd_set *)NULL, (fd_set *)NULL, (struct timeval *)NULL) == -1) { + warn("select failed"); + continue; + } + + if (rtsock != -1 && FD_ISSET(rtsock, &fdset)) { + struct if_msghdr ifm; + + if ((pktlen = read(rtsock, &ifm, sizeof(ifm))) == -1) { + warn("read from routing socket failed"); + continue; + } + if (ifm.ifm_version != RTM_VERSION) { + if (verbose) + warnx("routing message version %d " + "not understood", ifm.ifm_version); + continue; + } + if (ifm.ifm_type != RTM_IFINFO || + ifm.ifm_index != ifindex) + continue; + if (mtu != ifm.ifm_data.ifi_mtu) { + mtu = ifm.ifm_data.ifi_mtu; + maxmss = MAXMSS(mtu); + if (verbose) + fprintf(stderr, "Maximum MSS: %u\n", maxmss); + } + } + + if (FD_ISSET(s, &fdset)) { + sinlen = sizeof(sin); + + if ((pktlen = recvfrom(s, pkt, sizeof(pkt), 0, + (struct sockaddr *)&sin, &sinlen)) == -1) + if (errno != EINTR) { + warn("read from divert socket failed"); + continue; + } + + hlen = pip->ip_hl << 2; + + /*- + * Check for MSS option only for outgoing + * TCP packets with zero fragment offset + * and correct total and header lengths. + */ + if (sin.sin_addr.s_addr == INADDR_ANY && + pip->ip_p == IPPROTO_TCP && + (ntohs(pip->ip_off) & IP_OFFMASK) == 0 && + ntohs(pip->ip_len) == pktlen && + hlen <= pktlen && + pktlen - hlen >= sizeof(struct tcphdr)) + correct_mss((struct tcphdr *)(pkt + hlen), + pktlen - hlen, maxmss); + + if (sendto(s, pkt, pktlen, 0, + (struct sockaddr *)&sin, sinlen) == -1) + warn("write to divert socket failed"); + } + } +} + + +/*- + * The following macro is used to update an + * internet checksum. "acc" is a 32-bit + * accumulation of all the changes to the + * checksum (adding in old 16-bit words and + * subtracting out new words), and "cksum" + * is the checksum value to be updated. + */ +#define ADJUST_CHECKSUM(acc, cksum) { \ + acc += cksum; \ + if (acc < 0) { \ + acc = -acc; \ + acc = (acc >> 16) + (acc & 0xffff); \ + acc += acc >> 16; \ + cksum = (u_short) ~acc; \ + } else { \ + acc = (acc >> 16) + (acc & 0xffff); \ + acc += acc >> 16; \ + cksum = (u_short) acc; \ + } \ +} + + +void +correct_mss(struct tcphdr *tc, ssize_t pktlen, u_int16_t maxmss) +{ + int hlen, olen, optlen; + u_char *opt; + u_int16_t *mss; + int accumulate; + + hlen = tc->th_off << 2; + + /* Invalid header length or header without options. */ + if (hlen <= sizeof(struct tcphdr) || hlen > pktlen) + return; + + /* MSS option only allowed within SYN packets. */ + if (!(tc->th_flags & TH_SYN)) + return; + + for (olen = hlen - sizeof(struct tcphdr), opt = (u_char *)(tc + 1); + olen > 0; olen -= optlen, opt += optlen) { + if (*opt == TCPOPT_EOL) + break; + else if (*opt == TCPOPT_NOP) + optlen = 1; + else { + optlen = *(opt + 1); + if (optlen <= 0 || optlen > olen) + break; + if (*opt == TCPOPT_MAXSEG) { + if (optlen != TCPOLEN_MAXSEG) + continue; + mss = (u_int16_t *)(opt + 2); + if (ntohs(*mss) > maxmss) { + if (verbose) + fprintf(stderr, + "MSS: %u -> %u\n", + ntohs(*mss), maxmss); + accumulate = *mss; + *mss = htons(maxmss); + accumulate -= *mss; + ADJUST_CHECKSUM(accumulate, tc->th_sum); + } + } + } + } +} + + +static int +if_mtu(const char *ifn, u_long *mtu) +{ + size_t needed; + int mib[6]; + char *buf, *lim, *next; + struct if_msghdr *ifm; + struct sockaddr_dl *sdl; + int ifindex; + + mib[0] = CTL_NET; + mib[1] = PF_ROUTE; + mib[2] = 0; + mib[3] = AF_INET; /* Only IP addresses please. */ + mib[4] = NET_RT_IFLIST; + mib[5] = 0; /* List all interfaces. */ +/* + * Get interface data. + */ + if (sysctl(mib, 6, NULL, &needed, NULL, 0) == -1) + err(1, "iflist-sysctl-estimate"); + if ((buf = malloc(needed)) == NULL) + errx(1, "malloc failed"); + if (sysctl(mib, 6, buf, &needed, NULL, 0) == -1) + err(1, "iflist-sysctl-get"); + lim = buf + needed; +/* + * Loop through interfaces until one with + * given name is found. This is done to + * find correct interface index for routing + * message processing. + */ + ifindex = 0; + next = buf; + while (next < lim) { + ifm = (struct if_msghdr *)next; + next += ifm->ifm_msglen; + if (ifm->ifm_version != RTM_VERSION) { + if (verbose) + warnx("routing message version %d " + "not understood", ifm->ifm_version); + continue; + } + if (ifm->ifm_type == RTM_IFINFO) { + sdl = (struct sockaddr_dl *)(ifm + 1); + if (strlen(ifn) == sdl->sdl_nlen && + strncmp(ifn, sdl->sdl_data, sdl->sdl_nlen) == 0) { + *mtu = ifm->ifm_data.ifi_mtu; + ifindex = ifm->ifm_index; + break; + } + } + } + free(buf); + return (ifindex); +} + + +static void +sigterm_handler(int sig) +{ + + (void)unlink(pidfilename); + exit(0); +} + + +void +usage(void) +{ + + fprintf(stderr, "usage: tcpmssd [-v] -p port {-i iface | -m mtu}\n"); + exit(1); +} |