Date: Wed, 28 May 2025 21:55:52 GMT
Message-Id: <202505282155.54SLtqj7055006@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost Subject: git: 9a445773752f - main - pf: teach pf_build_tcp() about SACK List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9a445773752f238226940da403e3a4773d2930a9 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=9a445773752f238226940da403e3a4773d2930a9 commit 9a445773752f238226940da403e3a4773d2930a9 Author: Kristof Provost AuthorDate: 2025-05-27 10:02:15 +0000 Commit: Kristof Provost CommitDate: 2025-05-28 21:40:37 +0000 pf: teach pf_build_tcp() about SACK ok & with sashan Obtained from: OpenBSD, henning , 01c3818b6b Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/net/pfvar.h | 2 +- sys/netpfil/pf/pf.c | 14 ++++++++++++-- sys/netpfil/pf/pf_syncookies.c | 2 +- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 91fdcfcbec1d..1cdd575366e8 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -2561,7 +2561,7 @@ struct mbuf *pf_build_tcp(const struct pf_krule *, sa_family_t, const struct pf_addr *, const struct pf_addr *, u_int16_t, u_int16_t, u_int32_t, u_int32_t, u_int8_t, u_int16_t, u_int16_t, u_int8_t, int, - u_int16_t, u_int16_t, int); + u_int16_t, u_int16_t, u_int, int); void pf_send_tcp(const struct pf_krule *, sa_family_t, const struct pf_addr *, const struct pf_addr *, u_int16_t, u_int16_t, u_int32_t, u_int32_t, diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 996e329a204e..5c572dfcd425 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c 
@@ -3990,7 +3990,8 @@ pf_build_tcp(const struct pf_krule *r, sa_family_t af, const struct pf_addr *saddr, const struct pf_addr *daddr, u_int16_t sport, u_int16_t dport, u_int32_t seq, u_int32_t ack, u_int8_t tcp_flags, u_int16_t win, u_int16_t mss, u_int8_t ttl, - int mbuf_flags, u_int16_t mtag_tag, u_int16_t mtag_flags, int rtableid) + int mbuf_flags, u_int16_t mtag_tag, u_int16_t mtag_flags, u_int sack, + int rtableid) { struct mbuf *m; int len, tlen; @@ -4011,6 +4012,8 @@ pf_build_tcp(const struct pf_krule *r, sa_family_t af, tlen = sizeof(struct tcphdr); if (mss) tlen += 4; + if (sack) + tlen += 2; switch (af) { #ifdef INET @@ -4115,12 +4118,19 @@ pf_build_tcp(const struct pf_krule *r, sa_family_t af, tcp_set_flags(th, tcp_flags); th->th_win = htons(win); + opt = (char *)(th + 1); if (mss) { opt = (char *)(th + 1); opt[0] = TCPOPT_MAXSEG; opt[1] = 4; mss = htons(mss); memcpy((opt + 2), &mss, 2); + opt += 4; + } + if (sack) { + opt[0] = TCPOPT_SACK_PERMITTED; + opt[1] = 2; + opt += 2; } return (m); @@ -4253,7 +4263,7 @@ pf_send_tcp(const struct pf_krule *r, sa_family_t af, struct mbuf *m; m = pf_build_tcp(r, af, saddr, daddr, sport, dport, seq, ack, tcp_flags, - win, mss, ttl, mbuf_flags, mtag_tag, mtag_flags, rtableid); + win, mss, ttl, mbuf_flags, mtag_tag, mtag_flags, 0, rtableid); if (m == NULL) return; diff --git a/sys/netpfil/pf/pf_syncookies.c b/sys/netpfil/pf/pf_syncookies.c index 3a0e23100f7c..66757fa4b756 100644 --- a/sys/netpfil/pf/pf_syncookies.c +++ b/sys/netpfil/pf/pf_syncookies.c @@ -518,5 +518,5 @@ pf_syncookie_recreate_syn(struct pf_pdesc *pd) return (pf_build_tcp(NULL, pd->af, pd->src, pd->dst, *pd->sport, *pd->dport, seq, 0, TH_SYN, wscale, mss, pd->ttl, (pd->m->m_flags & M_LOOP), 0, PF_MTAG_FLAG_SYNCOOKIE_RECREATED, - pd->act.rtableid)); + cookie.flags.sack_ok, pd->act.rtableid)); }
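Review bot: in the sys/net/pfvar.h hunk, the new `u_int` lands in a run of unnamed integer parameters of the pf_build_tcp() prototype, directly before the `int` route table id, so a call that transposes the two still compiles without a diagnostic. The value is only tested for truth in pf.c (`if (sack)`); consider naming the parameters in the prototype, or at least adding a comment there saying that a non-zero value requests the SACK-permitted option.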
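Review bot: in the sys/netpfil/pf/pf.c hunk at -4011, `tlen += 2` for sack leaves the TCP header length at a value that is not a multiple of 4 (the 20-byte struct tcphdr plus 2, or plus 6 when mss is also set), while the TCP data offset field counts 32-bit words. None of the visible hunks pads the option area, so the two option bytes may not be covered by the header length the segment advertises. Suggest rounding the option length up to a 4-byte boundary and filling the gap with TCPOPT_NOP or TCPOPT_EOL, or pointing to where that is already handled.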
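Review bot: in the sys/netpfil/pf/pf.c hunk at -4115, the new `opt = (char *)(th + 1);` placed before `if (mss)` makes the identical assignment that remains inside the mss block redundant; drop the inner one. The trailing `opt += 2;` in the sack block is not read before `return (m);`, so either remove it or keep it with a short comment that it is there for options appended later.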