* [PATCH 2.6] ipvs - do not use skb_checksum_help, nf_reset
@ 2004-09-11 7:21 Julian Anastasov
2004-09-12 0:39 ` David S. Miller
0 siblings, 1 reply; 4+ messages in thread
From: Julian Anastasov @ 2004-09-11 7:21 UTC (permalink / raw)
To: David S. Miller; +Cc: netdev, Wensong Zhang
Hello,
Some IPVS changes for 2.6.9-rc1-bk17:
- do not use skb_checksum_help in input path as ipvs can handle
incoming CHECKSUM_HW packets
- remove useless skb_checksum_help from forwarding path
- claim that checksum is valid (CHECKSUM_NONE) when entering output
path for out->in packets
- do not reset/destroy the nfct in IP_VS_XMIT, the intention is to
reset the debugging field just to avoid log floods from nf_debug_ip_*
functions, it is known that the out->in ipvs packets traverse hooks in
non-standard way, eg. LOCAL_IN->LOCAL_OUT
Signed-off-by: Julian Anastasov <ja@ssi.bg>
diff -ur v2.6.9-rc1-bk17/linux/net/ipv4/ipvs/ip_vs_core.c linux/net/ipv4/ipvs/ip_vs_core.c
--- v2.6.9-rc1-bk17/linux/net/ipv4/ipvs/ip_vs_core.c 2004-09-11 09:35:19.000000000 +0300
+++ linux/net/ipv4/ipvs/ip_vs_core.c 2004-09-11 09:37:57.868509136 +0300
@@ -743,13 +743,6 @@
if (skb->nfcache & NFC_IPVS_PROPERTY)
return NF_ACCEPT;
- if (skb->ip_summed == CHECKSUM_HW) {
- if (skb_checksum_help(pskb, (out == NULL)))
- return NF_DROP;
- if (skb != *pskb)
- skb = *pskb;
- }
-
iph = skb->nh.iph;
if (unlikely(iph->protocol == IPPROTO_ICMP)) {
int related, verdict = ip_vs_out_icmp(pskb, &related);
@@ -993,13 +986,6 @@
return NF_ACCEPT;
}
- if (skb->ip_summed == CHECKSUM_HW) {
- if (skb_checksum_help(pskb, (out == NULL)))
- return NF_DROP;
- if (skb != *pskb)
- skb = *pskb;
- }
-
iph = skb->nh.iph;
if (unlikely(iph->protocol == IPPROTO_ICMP)) {
int related, verdict = ip_vs_in_icmp(pskb, &related);
diff -ur v2.6.9-rc1-bk17/linux/net/ipv4/ipvs/ip_vs_xmit.c linux/net/ipv4/ipvs/ip_vs_xmit.c
--- v2.6.9-rc1-bk17/linux/net/ipv4/ipvs/ip_vs_xmit.c 2004-09-11 09:35:33.000000000 +0300
+++ linux/net/ipv4/ipvs/ip_vs_xmit.c 2004-09-11 09:42:28.497367296 +0300
@@ -124,11 +124,17 @@
dst_release(old_dst);
}
+#ifdef CONFIG_NETFILTER_DEBUG
+#define reset_nf_debugging(skb) do { (skb)->nf_debug = 0; } while (0)
+#else
+#define reset_nf_debugging(skb) do { } while (0)
+#endif
#define IP_VS_XMIT(skb, rt) \
do { \
- nf_reset(skb); \
+ reset_nf_debugging(skb); \
(skb)->nfcache |= NFC_IPVS_PROPERTY; \
+ (skb)->ip_summed = CHECKSUM_NONE; \
NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \
(rt)->u.dst.dev, dst_output); \
} while (0)
@@ -408,8 +414,6 @@
ip_select_ident(iph, &rt->u.dst, NULL);
ip_send_check(iph);
- skb->ip_summed = CHECKSUM_NONE;
-
/* Another hack: avoid icmp_send in ip_fragment */
skb->local_df = 1;
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 2.6] ipvs - do not use skb_checksum_help, nf_reset
2004-09-11 7:21 [PATCH 2.6] ipvs - do not use skb_checksum_help, nf_reset Julian Anastasov
@ 2004-09-12 0:39 ` David S. Miller
2004-09-12 4:51 ` [PATCH 2.6] ipvs - v2: " Julian Anastasov
0 siblings, 1 reply; 4+ messages in thread
From: David S. Miller @ 2004-09-12 0:39 UTC (permalink / raw)
To: Julian Anastasov; +Cc: netdev, wensong
On Sat, 11 Sep 2004 10:21:36 +0300 (EEST)
Julian Anastasov <ja@ssi.bg> wrote:
> - do not reset/destroy the nfct in IP_VS_XMIT, the intention is to
> reset the debugging field just to avoid log floods from nf_debug_ip_*
> functions, it is known that the out->in ipvs packets traverse hooks in
> non-standard way, eg. LOCAL_IN->LOCAL_OUT
Please add a generic nf_reset_debug() in linux/skbuff.h instead
of this version local to the IPVS code.
I'll apply a resubmitted full patch with this change made to it.
Thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 2.6] ipvs - v2: do not use skb_checksum_help, nf_reset
2004-09-12 0:39 ` David S. Miller
@ 2004-09-12 4:51 ` Julian Anastasov
2004-09-12 23:43 ` David S. Miller
0 siblings, 1 reply; 4+ messages in thread
From: Julian Anastasov @ 2004-09-12 4:51 UTC (permalink / raw)
To: David S. Miller; +Cc: netdev, Wensong Zhang
Hello,
Appended is a 2nd version that uses nf_reset_debug.
- do not use skb_checksum_help in input path as ipvs can handle
incoming CHECKSUM_HW packets
- do not use skb_checksum_help in forwarding path
- claim that checksum is valid (CHECKSUM_NONE) when entering output
path for out->in packets
- do not reset/destroy the nfct in IP_VS_XMIT, the intention is to
reset the debugging field just to avoid log floods from nf_debug_ip_*
functions, it is known that the ipvs packets traverse other
hooks, eg. LOCAL_IN->LOCAL_OUT. Use nf_reset_debug instead of nf_reset.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
diff -ur v2.6.9-rc1-bk17/linux/include/linux/skbuff.h linux/include/linux/skbuff.h
--- v2.6.9-rc1-bk17/linux/include/linux/skbuff.h 2004-09-11 09:35:19.000000000 +0300
+++ linux/include/linux/skbuff.h 2004-09-12 07:37:28.305973640 +0300
@@ -1159,6 +1159,12 @@
skb->nf_debug = 0;
#endif
}
+static inline void nf_reset_debug(struct sk_buff *skb)
+{
+#ifdef CONFIG_NETFILTER_DEBUG
+ skb->nf_debug = 0;
+#endif
+}
#ifdef CONFIG_BRIDGE_NETFILTER
static inline void nf_bridge_put(struct nf_bridge_info *nf_bridge)
diff -ur v2.6.9-rc1-bk17/linux/net/ipv4/ipvs/ip_vs_core.c linux/net/ipv4/ipvs/ip_vs_core.c
--- v2.6.9-rc1-bk17/linux/net/ipv4/ipvs/ip_vs_core.c 2004-09-11 09:59:19.000000000 +0300
+++ linux/net/ipv4/ipvs/ip_vs_core.c 2004-09-12 07:36:42.548929768 +0300
@@ -743,13 +743,6 @@
if (skb->nfcache & NFC_IPVS_PROPERTY)
return NF_ACCEPT;
- if (skb->ip_summed == CHECKSUM_HW) {
- if (skb_checksum_help(pskb, (out == NULL)))
- return NF_DROP;
- if (skb != *pskb)
- skb = *pskb;
- }
-
iph = skb->nh.iph;
if (unlikely(iph->protocol == IPPROTO_ICMP)) {
int related, verdict = ip_vs_out_icmp(pskb, &related);
@@ -993,13 +986,6 @@
return NF_ACCEPT;
}
- if (skb->ip_summed == CHECKSUM_HW) {
- if (skb_checksum_help(pskb, (out == NULL)))
- return NF_DROP;
- if (skb != *pskb)
- skb = *pskb;
- }
-
iph = skb->nh.iph;
if (unlikely(iph->protocol == IPPROTO_ICMP)) {
int related, verdict = ip_vs_in_icmp(pskb, &related);
diff -ur v2.6.9-rc1-bk17/linux/net/ipv4/ipvs/ip_vs_xmit.c linux/net/ipv4/ipvs/ip_vs_xmit.c
--- v2.6.9-rc1-bk17/linux/net/ipv4/ipvs/ip_vs_xmit.c 2004-09-11 09:59:19.000000000 +0300
+++ linux/net/ipv4/ipvs/ip_vs_xmit.c 2004-09-12 07:38:29.351693280 +0300
@@ -124,11 +124,11 @@
dst_release(old_dst);
}
-
#define IP_VS_XMIT(skb, rt) \
do { \
- nf_reset(skb); \
+ nf_reset_debug(skb); \
(skb)->nfcache |= NFC_IPVS_PROPERTY; \
+ (skb)->ip_summed = CHECKSUM_NONE; \
NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \
(rt)->u.dst.dev, dst_output); \
} while (0)
@@ -408,8 +408,6 @@
ip_select_ident(iph, &rt->u.dst, NULL);
ip_send_check(iph);
- skb->ip_summed = CHECKSUM_NONE;
-
/* Another hack: avoid icmp_send in ip_fragment */
skb->local_df = 1;
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 2.6] ipvs - v2: do not use skb_checksum_help, nf_reset
2004-09-12 4:51 ` [PATCH 2.6] ipvs - v2: " Julian Anastasov
@ 2004-09-12 23:43 ` David S. Miller
0 siblings, 0 replies; 4+ messages in thread
From: David S. Miller @ 2004-09-12 23:43 UTC (permalink / raw)
To: Julian Anastasov; +Cc: netdev, wensong
Looks great, patch applied.
Thanks Julian.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2004-09-12 23:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-09-11 7:21 [PATCH 2.6] ipvs - do not use skb_checksum_help, nf_reset Julian Anastasov
2004-09-12 0:39 ` David S. Miller
2004-09-12 4:51 ` [PATCH 2.6] ipvs - v2: " Julian Anastasov
2004-09-12 23:43 ` David S. Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).