Page MenuHomeFreeBSD
Differential D37300

ipfw: NAT steal TH_RES1 bit, instead of TH_AE
ClosedPublic
Actions

Authored by rscheff on Nov 7 2022, 12:52 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Oct 27, 6:19 AM
Unknown Object (File)
Fri, Oct 18, 8:31 AM
Unknown Object (File)
Fri, Oct 18, 8:31 AM
Unknown Object (File)
Fri, Oct 18, 8:30 AM
Unknown Object (File)
Fri, Oct 18, 8:10 AM
Unknown Object (File)
Sep 25 2024, 10:18 AM
Unknown Object (File)
Sep 25 2024, 10:18 AM
Unknown Object (File)
Sep 24 2024, 6:43 PM
View All 50 Files
Subscribers
ae
donner
glebius
imp
melifaro

Details

Reviewers
glebius
tuexen
jhb
gbe
mjg
kp
cy
donner
hselasky
Group Reviewers
transport
Commits
rG86bdbdece4ae: ipfw: Have NAT steal the TH_RES1 bit, instead of the TH_AE bit
rG9839a5ad3a68: ipfw: Have NAT steal the TH_RES1 bit, instead of the TH_AE bit
rG02751c6321ad: ipfw: Have NAT steal the TH_RES1 bit, instead of the TH_AE bit
rG0b00b801493a: ipfw: Have NAT steal the TH_RES1 bit, instead of the TH_AE bit
Summary

Apparently the NAT module needs to track when the TCP checksum
has to be recalculated using TSO capable hardware. It used to
use the lowest bit of the tcphdr.th_x2 field. This now
collides with the use of this TCP header flag as AccECN (AE)
bit - and clearing it disables negotiation of AccECN across
a NAT device.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

rscheff created this revision.Nov 7 2022, 12:52 PM
Herald added a reviewer: transport. · View Herald TranscriptNov 7 2022, 12:52 PM
Herald added subscribers: glebius, donner, melifaro and 2 others. · View Herald Transcript
rscheff requested review of this revision.Nov 7 2022, 12:52 PM
Harbormaster completed remote builds in B48206: Diff 112725.Nov 7 2022, 12:53 PM
rscheff edited the summary of this revision. (Show Details)Nov 7 2022, 12:58 PM
rscheff added reviewers: glebius, tuexen, jhb, gbe, mjg, kp, cy, donner, hselasky.
tuexen accepted this revision.Nov 7 2022, 1:56 PM

The kernel part was tested with a NAT instance in my lab.

This revision is now accepted and ready to land.Nov 7 2022, 1:56 PM
rscheff added a comment.Nov 7 2022, 4:09 PM

FYI - The plan is also to MFC this to Stable/13 (prior to 13.2 release) and Stable/12

Closed by commit rG0b00b801493a: ipfw: Have NAT steal the TH_RES1 bit, instead of the TH_AE bit (authored by rscheff). · Explain WhyNov 9 2022, 4:04 PM
This revision was automatically updated to reflect the committed changes.
rscheff added a commit: rG0b00b801493a: ipfw: Have NAT steal the TH_RES1 bit, instead of the TH_AE bit.
rscheff added a commit: rG02751c6321ad: ipfw: Have NAT steal the TH_RES1 bit, instead of the TH_AE bit.Nov 10 2022, 7:23 AM
rscheff added a commit: rG9839a5ad3a68: ipfw: Have NAT steal the TH_RES1 bit, instead of the TH_AE bit.Nov 10 2022, 7:47 AM
rscheff added a commit: rG86bdbdece4ae: ipfw: Have NAT steal the TH_RES1 bit, instead of the TH_AE bit.Nov 10 2022, 3:03 PM
rscheff mentioned this in D43172: netpfil: Use accessor functions and named constants for all tcphdr flags.Dec 24 2023, 4:57 PM

Revision Contents
Changeset List

PathSize
sys/
netinet/
libalias/
2 lines
2 lines
2 lines
6 lines
4 lines
3 lines
netpfil/
ipfw/
4 lines

Diff 112804

View Options

sys/netinet/libalias/alias_ftp.c

Loading...
View Options

sys/netinet/libalias/alias_irc.c

Loading...
View Options

sys/netinet/libalias/alias_proxy.c

Loading...
View Options

sys/netinet/libalias/alias_skinny.c

Loading...
View Options

sys/netinet/libalias/alias_smedia.c

Loading...
View Options

sys/netinet/tcp.h

Loading...
View Options

sys/netpfil/ipfw/ip_fw_nat.c

Loading...