All of lore.kernel.org
 help / color / mirror / Atom feed
* [NETFILTER 3/3]: Fix HW checksum handling in TCPMSS target
@ 2005-08-20  1:40 Patrick McHardy
  2005-08-20  2:12 ` Patrick McHardy
  0 siblings, 1 reply; 3+ messages in thread
From: Patrick McHardy @ 2005-08-20  1:40 UTC (permalink / raw)
  To: David S. Miller; +Cc: Netfilter Development Mailinglist

[-- Attachment #1: Type: text/plain, Size: 0 bytes --]



[-- Attachment #2: 03-2.6.13.diff --]
[-- Type: text/x-patch, Size: 3271 bytes --]

[NETFILTER]: Fix HW checksum handling in TCPMSS target

Most importantly, remove bogus BUG() in receive path.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit d02587b6086d97c5bb1236c817702f87114c03cc
tree d962e88ca0c71a2f082a6926afffbfd18217d856
parent b477e1c6defc1b0e1181350908714e11de5768dd
author Patrick McHardy <kaber@trash.net> Sat, 20 Aug 2005 03:35:30 +0200
committer Patrick McHardy <kaber@trash.net> Sat, 20 Aug 2005 03:35:30 +0200

 net/ipv4/netfilter/ipt_TCPMSS.c |   32 +++++++++++++++++++-------------
 1 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c
--- a/net/ipv4/netfilter/ipt_TCPMSS.c
+++ b/net/ipv4/netfilter/ipt_TCPMSS.c
@@ -61,6 +61,10 @@ ipt_tcpmss_target(struct sk_buff **pskb,
 	if (!skb_ip_make_writable(pskb, (*pskb)->len))
 		return NF_DROP;
 
+	if ((*pskb)->ip_summed == CHECKSUM_HW &&
+	    skb_checksum_help(*pskb, out == NULL))
+		return NF_DROP;
+
 	iph = (*pskb)->nh.iph;
 	tcplen = (*pskb)->len - iph->ihl*4;
 
@@ -114,9 +118,10 @@ ipt_tcpmss_target(struct sk_buff **pskb,
 			opt[i+2] = (newmss & 0xff00) >> 8;
 			opt[i+3] = (newmss & 0x00ff);
 
-			tcph->check = cheat_check(htons(oldmss)^0xFFFF,
-						  htons(newmss),
-						  tcph->check);
+			if ((*pskb)->ip_summed != CHECKSUM_UNNECESSARY)
+				tcph->check = cheat_check(htons(oldmss)^0xFFFF,
+							  htons(newmss),
+							  tcph->check);
 
 			DEBUGP(KERN_INFO "ipt_tcpmss_target: %u.%u.%u.%u:%hu"
 			       "->%u.%u.%u.%u:%hu changed TCP MSS option"
@@ -126,7 +131,7 @@ ipt_tcpmss_target(struct sk_buff **pskb,
 			       NIPQUAD((*pskb)->nh.iph->daddr),
 			       ntohs(tcph->dest),
 			       oldmss, newmss);
-			goto retmodified;
+			goto out;
 		}
 	}
 
@@ -156,8 +161,10 @@ ipt_tcpmss_target(struct sk_buff **pskb,
  	opt = (u_int8_t *)tcph + sizeof(struct tcphdr);
 	memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr));
 
-	tcph->check = cheat_check(htons(tcplen) ^ 0xFFFF,
-				  htons(tcplen + TCPOLEN_MSS), tcph->check);
+	if ((*pskb)->ip_summed != CHECKSUM_UNNECESSARY)
+		tcph->check = cheat_check(htons(tcplen) ^ 0xFFFF,
+					  htons(tcplen + TCPOLEN_MSS),
+					  tcph->check);
 	tcplen += TCPOLEN_MSS;
 
 	opt[0] = TCPOPT_MSS;
@@ -165,12 +172,14 @@ ipt_tcpmss_target(struct sk_buff **pskb,
 	opt[2] = (newmss & 0xff00) >> 8;
 	opt[3] = (newmss & 0x00ff);
 
-	tcph->check = cheat_check(~0, *((u_int32_t *)opt), tcph->check);
+	if ((*pskb)->ip_summed != CHECKSUM_UNNECESSARY)
+		tcph->check = cheat_check(~0, *((u_int32_t *)opt), tcph->check);
 
 	oldval = ((u_int16_t *)tcph)[6];
 	tcph->doff += TCPOLEN_MSS/4;
-	tcph->check = cheat_check(oldval ^ 0xFFFF,
-				  ((u_int16_t *)tcph)[6], tcph->check);
+	if ((*pskb)->ip_summed != CHECKSUM_UNNECESSARY)
+		tcph->check = cheat_check(oldval ^ 0xFFFF,
+					  ((u_int16_t *)tcph)[6], tcph->check);
 
 	newtotlen = htons(ntohs(iph->tot_len) + TCPOLEN_MSS);
 	iph->check = cheat_check(iph->tot_len ^ 0xFFFF,
@@ -185,10 +194,7 @@ ipt_tcpmss_target(struct sk_buff **pskb,
 	       ntohs(tcph->dest),
 	       newmss);
 
- retmodified:
-	/* We never hw checksum SYN packets.  */
-	BUG_ON((*pskb)->ip_summed == CHECKSUM_HW);
-
+out:
 	(*pskb)->nfcache |= NFC_UNKNOWN | NFC_ALTERED;
 	return IPT_CONTINUE;
 }

[-- Attachment #3: 03-2.6.14.diff --]
[-- Type: text/x-patch, Size: 3221 bytes --]

[NETFILTER]: Fix HW checksum handling in TCPMSS target

Most importantly, remove bogus BUG() in receive path.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit be3af8346490b612b4f031e5421efcc3660ae6a8
tree e685b08f68938861c6e16744703e5e53e24e421d
parent f1929b1a15a9a7d9761b344d3522698bd656154e
author Patrick McHardy <kaber@trash.net> Sat, 20 Aug 2005 03:29:14 +0200
committer Patrick McHardy <kaber@trash.net> Sat, 20 Aug 2005 03:29:14 +0200

 net/ipv4/netfilter/ipt_TCPMSS.c |   32 +++++++++++++++++++-------------
 1 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c
--- a/net/ipv4/netfilter/ipt_TCPMSS.c
+++ b/net/ipv4/netfilter/ipt_TCPMSS.c
@@ -61,6 +61,10 @@ ipt_tcpmss_target(struct sk_buff **pskb,
 	if (!skb_make_writable(pskb, (*pskb)->len))
 		return NF_DROP;
 
+	if ((*pskb)->ip_summed == CHECKSUM_HW &&
+	    skb_checksum_help(*pskb, out == NULL))
+		return NF_DROP;
+
 	iph = (*pskb)->nh.iph;
 	tcplen = (*pskb)->len - iph->ihl*4;
 
@@ -114,9 +118,10 @@ ipt_tcpmss_target(struct sk_buff **pskb,
 			opt[i+2] = (newmss & 0xff00) >> 8;
 			opt[i+3] = (newmss & 0x00ff);
 
-			tcph->check = cheat_check(htons(oldmss)^0xFFFF,
-						  htons(newmss),
-						  tcph->check);
+			if ((*pskb)->ip_summed != CHECKSUM_UNNECESSARY)
+				tcph->check = cheat_check(htons(oldmss)^0xFFFF,
+							  htons(newmss),
+							  tcph->check);
 
 			DEBUGP(KERN_INFO "ipt_tcpmss_target: %u.%u.%u.%u:%hu"
 			       "->%u.%u.%u.%u:%hu changed TCP MSS option"
@@ -126,7 +131,7 @@ ipt_tcpmss_target(struct sk_buff **pskb,
 			       NIPQUAD((*pskb)->nh.iph->daddr),
 			       ntohs(tcph->dest),
 			       oldmss, newmss);
-			goto retmodified;
+			goto out;
 		}
 	}
 
@@ -156,8 +161,10 @@ ipt_tcpmss_target(struct sk_buff **pskb,
  	opt = (u_int8_t *)tcph + sizeof(struct tcphdr);
 	memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr));
 
-	tcph->check = cheat_check(htons(tcplen) ^ 0xFFFF,
-				  htons(tcplen + TCPOLEN_MSS), tcph->check);
+	if ((*pskb)->ip_summed != CHECKSUM_UNNECESSARY)
+		tcph->check = cheat_check(htons(tcplen) ^ 0xFFFF,
+					  htons(tcplen + TCPOLEN_MSS),
+					  tcph->check);
 	tcplen += TCPOLEN_MSS;
 
 	opt[0] = TCPOPT_MSS;
@@ -165,12 +172,14 @@ ipt_tcpmss_target(struct sk_buff **pskb,
 	opt[2] = (newmss & 0xff00) >> 8;
 	opt[3] = (newmss & 0x00ff);
 
-	tcph->check = cheat_check(~0, *((u_int32_t *)opt), tcph->check);
+	if ((*pskb)->ip_summed != CHECKSUM_UNNECESSARY)
+		tcph->check = cheat_check(~0, *((u_int32_t *)opt), tcph->check);
 
 	oldval = ((u_int16_t *)tcph)[6];
 	tcph->doff += TCPOLEN_MSS/4;
-	tcph->check = cheat_check(oldval ^ 0xFFFF,
-				  ((u_int16_t *)tcph)[6], tcph->check);
+	if ((*pskb)->ip_summed != CHECKSUM_UNNECESSARY)
+		tcph->check = cheat_check(oldval ^ 0xFFFF,
+					  ((u_int16_t *)tcph)[6], tcph->check);
 
 	newtotlen = htons(ntohs(iph->tot_len) + TCPOLEN_MSS);
 	iph->check = cheat_check(iph->tot_len ^ 0xFFFF,
@@ -185,10 +194,7 @@ ipt_tcpmss_target(struct sk_buff **pskb,
 	       ntohs(tcph->dest),
 	       newmss);
 
- retmodified:
-	/* We never hw checksum SYN packets.  */
-	BUG_ON((*pskb)->ip_summed == CHECKSUM_HW);
-
+out:
 	return IPT_CONTINUE;
 }
 

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-08-21  0:41 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-08-20  1:40 [NETFILTER 3/3]: Fix HW checksum handling in TCPMSS target Patrick McHardy
2005-08-20  2:12 ` Patrick McHardy
2005-08-21  0:41   ` David S. Miller

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.