From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 11/12]: Add address family specific checksum helpers
Date: Thu, 6 Apr 2006 12:05:08 +0200 (MEST) [thread overview]
Message-ID: <20060406100508.17409.68682.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20060406100452.17409.37120.sendpatchset@localhost.localdomain>
[NETFILTER]: Add address family specific checksum helpers
Add checksum operation which takes care of verifying the checksum and
dealing with HW checksum errors and avoids multiple checksum operations
by setting ip_summed to CHECKSUM_UNNECESSARY after successful verification.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit b204de98f3e9d2f9d47141c6a1036a2a27729329
tree baf5ff3876cccf6b875f2c5d794d6fe9becd17b3
parent 6a870bcf3e2ee0394ee23cb1ca32de2195edf86d
author Patrick McHardy <kaber@trash.net> Thu, 06 Apr 2006 11:43:58 +0200
committer Patrick McHardy <kaber@trash.net> Thu, 06 Apr 2006 11:43:58 +0200
include/linux/netfilter.h | 17 +++++++++++++++++
include/linux/netfilter_ipv4.h | 2 ++
include/linux/netfilter_ipv6.h | 3 +++
net/ipv4/netfilter.c | 33 +++++++++++++++++++++++++++++++++
net/ipv6/netfilter.c | 34 ++++++++++++++++++++++++++++++++++
5 files changed, 89 insertions(+), 0 deletions(-)
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 6ee168c..b31a9bc 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -285,6 +285,8 @@ extern int skb_make_writable(struct sk_b
struct nf_afinfo {
unsigned short family;
+ unsigned int (*checksum)(struct sk_buff *skb, unsigned int hook,
+ unsigned int dataoff, u_int8_t protocol);
void (*saveroute)(const struct sk_buff *skb,
struct nf_info *info);
int (*reroute)(struct sk_buff **skb,
@@ -298,6 +300,21 @@ static inline struct nf_afinfo *nf_get_a
return rcu_dereference(nf_afinfo[family]);
}
+static inline unsigned int
+nf_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff,
+ u_int8_t protocol, unsigned short family)
+{
+ struct nf_afinfo *afinfo;
+ unsigned int csum = 0;
+
+ rcu_read_lock();
+ afinfo = nf_get_afinfo(family);
+ if (afinfo)
+ csum = afinfo->checksum(skb, hook, dataoff, protocol);
+ rcu_read_unlock();
+ return csum;
+}
+
extern int nf_register_afinfo(struct nf_afinfo *afinfo);
extern void nf_unregister_afinfo(struct nf_afinfo *afinfo);
diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h
index 43c09d7..85301c5 100644
--- a/include/linux/netfilter_ipv4.h
+++ b/include/linux/netfilter_ipv4.h
@@ -80,6 +80,8 @@ enum nf_ip_hook_priorities {
#ifdef __KERNEL__
extern int ip_route_me_harder(struct sk_buff **pskb);
extern int ip_xfrm_me_harder(struct sk_buff **pskb);
+extern unsigned int nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
+ unsigned int dataoff, u_int8_t protocol);
#endif /*__KERNEL__*/
#endif /*__LINUX_IP_NETFILTER_H*/
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h
index 14f2bd0..52a7b9e 100644
--- a/include/linux/netfilter_ipv6.h
+++ b/include/linux/netfilter_ipv6.h
@@ -73,6 +73,9 @@ enum nf_ip6_hook_priorities {
};
#ifdef CONFIG_NETFILTER
+extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
+ unsigned int dataoff, u_int8_t protocol);
+
extern int ipv6_netfilter_init(void);
extern void ipv6_netfilter_fini(void);
#else /* CONFIG_NETFILTER */
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index b25339c..6a9e34b 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -161,8 +161,41 @@ static int nf_ip_reroute(struct sk_buff
return 0;
}
+unsigned int nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
+ unsigned int dataoff, u_int8_t protocol)
+{
+ struct iphdr *iph = skb->nh.iph;
+ unsigned int csum = 0;
+
+ switch (skb->ip_summed) {
+ case CHECKSUM_HW:
+ if (hook != NF_IP_PRE_ROUTING && hook != NF_IP_LOCAL_IN)
+ break;
+ if ((protocol == 0 && !(u16)csum_fold(skb->csum)) ||
+ !csum_tcpudp_magic(iph->saddr, iph->daddr,
+ skb->len - dataoff, protocol,
+ skb->csum)) {
+ skb->ip_summed = CHECKSUM_UNNECESSARY;
+ break;
+ }
+ /* fall through */
+ case CHECKSUM_NONE:
+ if (protocol == 0)
+ skb->csum = 0;
+ else
+ skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
+ skb->len - dataoff,
+ protocol, 0);
+ csum = __skb_checksum_complete(skb);
+ }
+ return csum;
+}
+
+EXPORT_SYMBOL(nf_ip_checksum);
+
static struct nf_afinfo nf_ip_afinfo = {
.family = AF_INET,
+ .checksum = nf_ip_checksum,
.saveroute = nf_ip_saveroute,
.reroute = nf_ip_reroute,
.route_key_size = sizeof(struct ip_rt_info),
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index f514a01..3e9ecfa 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -79,8 +79,42 @@ static int nf_ip6_reroute(struct sk_buff
return 0;
}
+unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
+ unsigned int dataoff, u_int8_t protocol)
+{
+ struct ipv6hdr *ip6h = skb->nh.ipv6h;
+ unsigned int csum = 0;
+
+ switch (skb->ip_summed) {
+ case CHECKSUM_HW:
+ if (hook != NF_IP6_PRE_ROUTING && hook != NF_IP6_LOCAL_IN)
+ break;
+ if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
+ skb->len - dataoff, protocol,
+ csum_sub(skb->csum,
+ skb_checksum(skb, 0,
+ dataoff, 0)))) {
+ skb->ip_summed = CHECKSUM_UNNECESSARY;
+ break;
+ }
+ /* fall through */
+ case CHECKSUM_NONE:
+ skb->csum = ~csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
+ skb->len - dataoff,
+ protocol,
+ csum_sub(0,
+ skb_checksum(skb, 0,
+ dataoff, 0)));
+ csum = __skb_checksum_complete(skb);
+ }
+ return csum;
+}
+
+EXPORT_SYMBOL(nf_ip6_checksum);
+
static struct nf_afinfo nf_ip6_afinfo = {
.family = AF_INET6,
+ .checksum = nf_ip6_checksum,
.saveroute = nf_ip6_saveroute,
.reroute = nf_ip6_reroute,
.route_key_size = sizeof(struct ip6_rt_info),
next prev parent reply other threads:[~2006-04-06 10:05 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-06 10:04 [NETFILTER 00/12]: Netfilter Update Patrick McHardy
2006-04-06 10:04 ` [NETFILTER 01/12]: Add helper functions for mass hook registration/unregistration Patrick McHardy
2006-04-06 15:42 ` Jones Desougi
2006-04-06 16:10 ` Patrick McHardy
2006-04-06 21:11 ` David S. Miller
2006-04-06 10:04 ` [NETFILTER 02/12]: Clean up hook registration Patrick McHardy
2006-04-06 21:12 ` David S. Miller
2006-04-06 10:04 ` [NETFILTER 03/12]: Fix section mismatch warnings Patrick McHardy
2006-04-06 21:13 ` David S. Miller
2006-04-06 22:42 ` Patrick McHardy
2006-04-06 10:04 ` [NETFILTER 04/12]: H.323 helper: move some function prototypes to ip_conntrack_h323.h Patrick McHardy
2006-04-06 21:13 ` David S. Miller
2006-04-06 10:05 ` [NETFILTER 05/12]: H.323 helper: change EXPORT_SYMBOL to EXPORT_SYMBOL_GPL Patrick McHardy
2006-04-06 21:14 ` David S. Miller
2006-04-06 10:05 ` [NETFILTER 06/12]: H.323 helper: make get_h245_addr() static Patrick McHardy
2006-04-06 21:15 ` David S. Miller
2006-04-06 10:05 ` [NETFILTER 07/12]: H.323 helper: add parameter 'default_rrq_ttl' Patrick McHardy
2006-04-06 21:15 ` David S. Miller
2006-04-06 10:05 ` [NETFILTER 08/12]: H.323 helper: update Changelog Patrick McHardy
2006-04-06 21:17 ` David S. Miller
2006-04-06 22:36 ` Patrick McHardy
2006-04-06 10:05 ` [NETFILTER 09/12]: Fix IP_NF_CONNTRACK_NETLINK dependency Patrick McHardy
2006-04-06 21:17 ` David S. Miller
2006-04-06 10:05 ` [NETFILTER 10/12]: Introduce infrastructure for address family specific operations Patrick McHardy
2006-04-06 21:18 ` David S. Miller
2006-04-06 10:05 ` Patrick McHardy [this message]
2006-04-06 21:18 ` [NETFILTER 11/12]: Add address family specific checksum helpers David S. Miller
2006-04-06 10:05 ` [NETFILTER 12/12]: Convert conntrack/ipt_REJECT to new checksumming functions Patrick McHardy
2006-04-06 21:19 ` David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060406100508.17409.68682.sendpatchset@localhost.localdomain \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.