From: Patrick McHardy <kaber@trash.net>
To: "David S. Miller" <davem@davemloft.net>
Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Subject: Re: [NETFILTER 3/3]: Fix HW checksum handling in TCPMSS target
Date: Sat, 20 Aug 2005 04:12:46 +0200 [thread overview]
Message-ID: <4306919E.4000602@trash.net> (raw)
In-Reply-To: <430689F7.5070305@trash.net>
[-- Attachment #1: Type: text/plain, Size: 580 bytes --]
Patrick McHardy wrote:
> @@ -114,9 +118,10 @@ ipt_tcpmss_target(struct sk_buff **pskb,
> opt[i+2] = (newmss & 0xff00) >> 8;
> opt[i+3] = (newmss & 0x00ff);
>
> - tcph->check = cheat_check(htons(oldmss)^0xFFFF,
> - htons(newmss),
> - tcph->check);
> + if ((*pskb)->ip_summed != CHECKSUM_UNNECESSARY)
> + tcph->check = cheat_check(htons(oldmss)^0xFFFF,
> + htons(newmss),
> + tcph->check);
On second thought, this is not a good idea, we need to update the
checksum in any case for forwarded packets. These patches should
be better.
[-- Attachment #2: 03-2.6.13.diff --]
[-- Type: text/x-patch, Size: 1276 bytes --]
[NETFILTER]: Fix HW checksum handling in TCPMSS target
Most importantly, remove bogus BUG() in receive path.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 2f22a5a1a34286cde024bef21c75299a9ec8b564
tree 2ff9f0f32fd4cef9df2c121bf6772ab254f8ec41
parent b477e1c6defc1b0e1181350908714e11de5768dd
author Patrick McHardy <kaber@trash.net> Sat, 20 Aug 2005 04:11:03 +0200
committer Patrick McHardy <kaber@trash.net> Sat, 20 Aug 2005 04:11:03 +0200
net/ipv4/netfilter/ipt_TCPMSS.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c
--- a/net/ipv4/netfilter/ipt_TCPMSS.c
+++ b/net/ipv4/netfilter/ipt_TCPMSS.c
@@ -61,6 +61,10 @@ ipt_tcpmss_target(struct sk_buff **pskb,
if (!skb_ip_make_writable(pskb, (*pskb)->len))
return NF_DROP;
+ if ((*pskb)->ip_summed == CHECKSUM_HW &&
+ skb_checksum_help(*pskb, out == NULL))
+ return NF_DROP;
+
iph = (*pskb)->nh.iph;
tcplen = (*pskb)->len - iph->ihl*4;
@@ -186,9 +190,6 @@ ipt_tcpmss_target(struct sk_buff **pskb,
newmss);
retmodified:
- /* We never hw checksum SYN packets. */
- BUG_ON((*pskb)->ip_summed == CHECKSUM_HW);
-
(*pskb)->nfcache |= NFC_UNKNOWN | NFC_ALTERED;
return IPT_CONTINUE;
}
[-- Attachment #3: 03-2.6.14.diff --]
[-- Type: text/x-patch, Size: 1226 bytes --]
[NETFILTER]: Fix HW checksum handling in TCPMSS target
Most importantly, remove bogus BUG() in receive path.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 7591ae593acedfcb570f713902b9dbd6b4ae3581
tree 92a7500452c3edd781680c93b93056d04ce66d87
parent f1929b1a15a9a7d9761b344d3522698bd656154e
author Patrick McHardy <kaber@trash.net> Sat, 20 Aug 2005 04:10:18 +0200
committer Patrick McHardy <kaber@trash.net> Sat, 20 Aug 2005 04:10:18 +0200
net/ipv4/netfilter/ipt_TCPMSS.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c
--- a/net/ipv4/netfilter/ipt_TCPMSS.c
+++ b/net/ipv4/netfilter/ipt_TCPMSS.c
@@ -61,6 +61,10 @@ ipt_tcpmss_target(struct sk_buff **pskb,
if (!skb_make_writable(pskb, (*pskb)->len))
return NF_DROP;
+ if ((*pskb)->ip_summed == CHECKSUM_HW &&
+ skb_checksum_help(*pskb, out == NULL))
+ return NF_DROP;
+
iph = (*pskb)->nh.iph;
tcplen = (*pskb)->len - iph->ihl*4;
@@ -186,9 +190,6 @@ ipt_tcpmss_target(struct sk_buff **pskb,
newmss);
retmodified:
- /* We never hw checksum SYN packets. */
- BUG_ON((*pskb)->ip_summed == CHECKSUM_HW);
-
return IPT_CONTINUE;
}
next prev parent reply other threads:[~2005-08-20 2:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-08-20 1:40 [NETFILTER 3/3]: Fix HW checksum handling in TCPMSS target Patrick McHardy
2005-08-20 2:12 ` Patrick McHardy [this message]
2005-08-21 0:41 ` David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4306919E.4000602@trash.net \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.