[NETFILTER]: Add address family specific checksum helpers
Add checksum operation which takes care of verifying the checksum and dealing with HW checksum errors and avoids multiple checksum operations by setting ip_summed to CHECKSUM_UNNECESSARY after successful verification. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy
David S. Miller
parent
bce8032ef3
commit
422c346fad
|
|
@ -285,6 +285,8 @@ extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);
|
|||
|
||||
struct nf_afinfo {
|
||||
unsigned short family;
|
||||
unsigned int (*checksum)(struct sk_buff *skb, unsigned int hook,
|
||||
unsigned int dataoff, u_int8_t protocol);
|
||||
void (*saveroute)(const struct sk_buff *skb,
|
||||
struct nf_info *info);
|
||||
int (*reroute)(struct sk_buff **skb,
|
||||
|
|
@ -298,6 +300,21 @@ static inline struct nf_afinfo *nf_get_afinfo(unsigned short family)
|
|||
return rcu_dereference(nf_afinfo[family]);
|
||||
}
|
||||
|
||||
static inline unsigned int
|
||||
nf_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff,
|
||||
u_int8_t protocol, unsigned short family)
|
||||
{
|
||||
struct nf_afinfo *afinfo;
|
||||
unsigned int csum = 0;
|
||||
|
||||
rcu_read_lock();
|
||||
afinfo = nf_get_afinfo(family);
|
||||
if (afinfo)
|
||||
csum = afinfo->checksum(skb, hook, dataoff, protocol);
|
||||
rcu_read_unlock();
|
||||
return csum;
|
||||
}
|
||||
|
||||
extern int nf_register_afinfo(struct nf_afinfo *afinfo);
|
||||
extern void nf_unregister_afinfo(struct nf_afinfo *afinfo);
|
||||
|
||||
|
|
|
|||
|
|
@ -80,6 +80,8 @@ enum nf_ip_hook_priorities {
|
|||
#ifdef __KERNEL__
|
||||
extern int ip_route_me_harder(struct sk_buff **pskb);
|
||||
extern int ip_xfrm_me_harder(struct sk_buff **pskb);
|
||||
extern unsigned int nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
|
||||
unsigned int dataoff, u_int8_t protocol);
|
||||
#endif /*__KERNEL__*/
|
||||
|
||||
#endif /*__LINUX_IP_NETFILTER_H*/
|
||||
|
|
|
|||
|
|
@ -73,6 +73,9 @@ enum nf_ip6_hook_priorities {
|
|||
};
|
||||
|
||||
#ifdef CONFIG_NETFILTER
|
||||
extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
|
||||
unsigned int dataoff, u_int8_t protocol);
|
||||
|
||||
extern int ipv6_netfilter_init(void);
|
||||
extern void ipv6_netfilter_fini(void);
|
||||
#else /* CONFIG_NETFILTER */
|
||||
|
|
|
|||
|
|
@ -161,8 +161,41 @@ static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)
|
|||
return 0;
|
||||
}
|
||||
|
||||
unsigned int nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
|
||||
unsigned int dataoff, u_int8_t protocol)
|
||||
{
|
||||
struct iphdr *iph = skb->nh.iph;
|
||||
unsigned int csum = 0;
|
||||
|
||||
switch (skb->ip_summed) {
|
||||
case CHECKSUM_HW:
|
||||
if (hook != NF_IP_PRE_ROUTING && hook != NF_IP_LOCAL_IN)
|
||||
break;
|
||||
if ((protocol == 0 && !(u16)csum_fold(skb->csum)) ||
|
||||
!csum_tcpudp_magic(iph->saddr, iph->daddr,
|
||||
skb->len - dataoff, protocol,
|
||||
skb->csum)) {
|
||||
skb->ip_summed = CHECKSUM_UNNECESSARY;
|
||||
break;
|
||||
}
|
||||
/* fall through */
|
||||
case CHECKSUM_NONE:
|
||||
if (protocol == 0)
|
||||
skb->csum = 0;
|
||||
else
|
||||
skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
|
||||
skb->len - dataoff,
|
||||
protocol, 0);
|
||||
csum = __skb_checksum_complete(skb);
|
||||
}
|
||||
return csum;
|
||||
}
|
||||
|
||||
EXPORT_SYMBOL(nf_ip_checksum);
|
||||
|
||||
static struct nf_afinfo nf_ip_afinfo = {
|
||||
.family = AF_INET,
|
||||
.checksum = nf_ip_checksum,
|
||||
.saveroute = nf_ip_saveroute,
|
||||
.reroute = nf_ip_reroute,
|
||||
.route_key_size = sizeof(struct ip_rt_info),
|
||||
|
|
|
|||
|
|
@ -79,8 +79,42 @@ static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info)
|
|||
return 0;
|
||||
}
|
||||
|
||||
unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
|
||||
unsigned int dataoff, u_int8_t protocol)
|
||||
{
|
||||
struct ipv6hdr *ip6h = skb->nh.ipv6h;
|
||||
unsigned int csum = 0;
|
||||
|
||||
switch (skb->ip_summed) {
|
||||
case CHECKSUM_HW:
|
||||
if (hook != NF_IP6_PRE_ROUTING && hook != NF_IP6_LOCAL_IN)
|
||||
break;
|
||||
if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
|
||||
skb->len - dataoff, protocol,
|
||||
csum_sub(skb->csum,
|
||||
skb_checksum(skb, 0,
|
||||
dataoff, 0)))) {
|
||||
skb->ip_summed = CHECKSUM_UNNECESSARY;
|
||||
break;
|
||||
}
|
||||
/* fall through */
|
||||
case CHECKSUM_NONE:
|
||||
skb->csum = ~csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
|
||||
skb->len - dataoff,
|
||||
protocol,
|
||||
csum_sub(0,
|
||||
skb_checksum(skb, 0,
|
||||
dataoff, 0)));
|
||||
csum = __skb_checksum_complete(skb);
|
||||
}
|
||||
return csum;
|
||||
}
|
||||
|
||||
EXPORT_SYMBOL(nf_ip6_checksum);
|
||||
|
||||
static struct nf_afinfo nf_ip6_afinfo = {
|
||||
.family = AF_INET6,
|
||||
.checksum = nf_ip6_checksum,
|
||||
.saveroute = nf_ip6_saveroute,
|
||||
.reroute = nf_ip6_reroute,
|
||||
.route_key_size = sizeof(struct ip6_rt_info),
|
||||
|
|
|
|||
Loading…
Reference in New Issue