From: Ralf Lici <ralf@mandelbit.com>
To: netdev@vger.kernel.org
Cc: "Daniel Gröber" <dxld@darkboxed.org>,
"Ralf Lici" <ralf@mandelbit.com>,
"Antonio Quartulli" <antonio@mandelbit.com>,
"Andrew Lunn" <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>,
"Eric Dumazet" <edumazet@google.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"Paolo Abeni" <pabeni@redhat.com>,
linux-kernel@vger.kernel.org
Subject: [RFC net-next 06/15] ipxlat: add transport checksum and offload helpers
Date: Thu, 19 Mar 2026 16:12:15 +0100 [thread overview]
Message-ID: <20260319151230.655687-7-ralf@mandelbit.com> (raw)
In-Reply-To: <20260319151230.655687-1-ralf@mandelbit.com>
Add shared transport-layer helpers for checksum manipulation and offload
metadata normalization across family translation.
This introduces incremental and full checksum utilities plus generic
ICMP relayout/offload finalization routines reused by later 4->6 and
6->4 transport translation paths.
Signed-off-by: Ralf Lici <ralf@mandelbit.com>
---
drivers/net/ipxlat/transport.c | 146 +++++++++++++++++++++++++++++++++
drivers/net/ipxlat/transport.h | 83 +++++++++++++++++++
2 files changed, 229 insertions(+)
create mode 100644 drivers/net/ipxlat/transport.c
create mode 100644 drivers/net/ipxlat/transport.h
diff --git a/drivers/net/ipxlat/transport.c b/drivers/net/ipxlat/transport.c
new file mode 100644
index 000000000000..cd786ce84adc
--- /dev/null
+++ b/drivers/net/ipxlat/transport.c
@@ -0,0 +1,146 @@
+// SPDX-License-Identifier: GPL-2.0
+/* IPXLAT - Stateless IP/ICMP Translation (SIIT) virtual device driver
+ *
+ * Copyright (C) 2024- Alberto Leiva Popper <ydahhrk@gmail.com>
+ * Copyright (C) 2026- Mandelbit SRL
+ * Copyright (C) 2026- Daniel Gröber <dxld@darkboxed.org>
+ *
+ * Author: Alberto Leiva Popper <ydahhrk@gmail.com>
+ * Antonio Quartulli <antonio@mandelbit.com>
+ * Daniel Gröber <dxld@darkboxed.org>
+ * Ralf Lici <ralf@mandelbit.com>
+ */
+
+#include <net/ip.h>
+#include <net/ip6_checksum.h>
+#include <net/tcp.h>
+#include <net/udp.h>
+
+#include "packet.h"
+#include "transport.h"
+
+/* set CHECKSUM_PARTIAL metadata for transport checksum completion */
+int ipxlat_set_partial_csum(struct sk_buff *skb, u16 csum_offset)
+{
+ if (likely(skb_partial_csum_set(skb, skb_transport_offset(skb),
+ csum_offset)))
+ return 0;
+ return -EINVAL;
+}
+
+static __wsum ipxlat_pseudohdr6_csum(const struct ipv6hdr *hdr)
+{
+ return ~csum_unfold(csum_ipv6_magic(&hdr->saddr, &hdr->daddr, 0, 0, 0));
+}
+
+static __wsum ipxlat_pseudohdr4_csum(const struct iphdr *hdr)
+{
+ return csum_tcpudp_nofold(hdr->saddr, hdr->daddr, 0, 0, 0);
+}
+
+static __sum16 ipxlat_46_update_csum(__sum16 csum16,
+ const struct iphdr *in_ip4,
+ const void *in_l4_hdr,
+ const struct ipv6hdr *out_ip6,
+ const void *out_l4_hdr, size_t l4_hdr_len)
+{
+ __wsum csum;
+
+ csum = ~csum_unfold(csum16);
+
+ /* replace pseudohdr and L4 header contributions, payload unchanged */
+ csum = csum_sub(csum, ipxlat_pseudohdr4_csum(in_ip4));
+ csum = csum_sub(csum, csum_partial(in_l4_hdr, l4_hdr_len, 0));
+ csum = csum_add(csum, ipxlat_pseudohdr6_csum(out_ip6));
+ csum = csum_add(csum, csum_partial(out_l4_hdr, l4_hdr_len, 0));
+ return csum_fold(csum);
+}
+
+static __sum16 ipxlat_64_update_csum(__sum16 csum16,
+ const struct ipv6hdr *in_ip6,
+ const void *in_l4_hdr,
+ size_t in_l4_hdr_len,
+ const struct iphdr *out_ip4,
+ const void *out_l4_hdr,
+ size_t out_l4_hdr_len)
+{
+ __wsum csum;
+
+ csum = ~csum_unfold(csum16);
+
+ /* only address terms matter because L4 length/proto are unchanged */
+ csum = csum_sub(csum, ipxlat_pseudohdr6_csum(in_ip6));
+ csum = csum_sub(csum, csum_partial(in_l4_hdr, in_l4_hdr_len, 0));
+
+ csum = csum_add(csum, ipxlat_pseudohdr4_csum(out_ip4));
+ csum = csum_add(csum, csum_partial(out_l4_hdr, out_l4_hdr_len, 0));
+
+ return csum_fold(csum);
+}
+
+__sum16 ipxlat_l4_csum_ipv6(const struct in6_addr *saddr,
+ const struct in6_addr *daddr,
+ const struct sk_buff *skb, unsigned int l4_off,
+ unsigned int l4_len, u8 proto)
+{
+ return csum_ipv6_magic(saddr, daddr, l4_len, proto,
+ skb_checksum(skb, l4_off, l4_len, 0));
+}
+
+/* Normalize checksum/offload metadata after address-family translation.
+ *
+ * Translation changes protocol family but keeps transport payload semantics
+ * intact, so TCP GSO only needs type remap (gso_from -> gso_to), while ICMP
+ * must clear stale GSO state because there is no ICMP GSO transform here.
+ *
+ * This mirrors forwarding expectations: reject LRO on xmit and clear hash
+ * when tuple semantics may have changed (fragments and non-TCP/UDP).
+ */
+int ipxlat_finalize_offload(struct sk_buff *skb, u8 l4_proto, bool is_fragment,
+ u32 gso_from, u32 gso_to)
+{
+ struct skb_shared_info *shinfo;
+
+ if (unlikely(skb->ip_summed == CHECKSUM_COMPLETE))
+ skb->ip_summed = CHECKSUM_NONE;
+
+ if (!skb_is_gso(skb))
+ goto out_hash;
+
+ /* align with forwarding paths that reject LRO skbs before xmit */
+ if (unlikely(skb_warn_if_lro(skb)))
+ return -EINVAL;
+
+ shinfo = skb_shinfo(skb);
+ switch (l4_proto) {
+ case IPPROTO_TCP:
+ /* segment payload size is unchanged by address-family
+ * translation so there's no need to touch gso_size
+ */
+ if (shinfo->gso_type & gso_from) {
+ shinfo->gso_type &= ~gso_from;
+ shinfo->gso_type |= gso_to;
+ } else if (unlikely(!(shinfo->gso_type & gso_to))) {
+ return -EOPNOTSUPP;
+ }
+ break;
+ case IPPROTO_UDP:
+ break;
+ case IPPROTO_ICMP:
+ /* for ICMP there is no GSO transform; clear stale offload
+ * metadata so the stack treats it as a normal frame
+ */
+ skb_gso_reset(skb);
+ break;
+ default:
+ return -EPROTONOSUPPORT;
+ }
+
+out_hash:
+ if (unlikely(is_fragment ||
+ (l4_proto != IPPROTO_TCP && l4_proto != IPPROTO_UDP)))
+ skb_clear_hash(skb);
+ else
+ skb_clear_hash_if_not_l4(skb);
+ return 0;
+}
diff --git a/drivers/net/ipxlat/transport.h b/drivers/net/ipxlat/transport.h
new file mode 100644
index 000000000000..bd228aecfb3b
--- /dev/null
+++ b/drivers/net/ipxlat/transport.h
@@ -0,0 +1,83 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/* IPXLAT - Stateless IP/ICMP Translation (SIIT) virtual device driver
+ *
+ * Copyright (C) 2024- Alberto Leiva Popper <ydahhrk@gmail.com>
+ * Copyright (C) 2026- Mandelbit SRL
+ * Copyright (C) 2026- Daniel Gröber <dxld@darkboxed.org>
+ *
+ * Author: Alberto Leiva Popper <ydahhrk@gmail.com>
+ * Antonio Quartulli <antonio@mandelbit.com>
+ * Daniel Gröber <dxld@darkboxed.org>
+ * Ralf Lici <ralf@mandelbit.com>
+ */
+
+#ifndef _NET_IPXLAT_TRANSPORT_H_
+#define _NET_IPXLAT_TRANSPORT_H_
+
+#include <linux/icmp.h>
+#include <linux/ip.h>
+#include <linux/ipv6.h>
+
+/**
+ * ipxlat_l4_min_len - minimum transport header size for protocol
+ * @protocol: transport protocol identifier
+ *
+ * Return: minimum header length for @protocol, or 0 when unsupported.
+ */
+static inline unsigned int ipxlat_l4_min_len(u8 protocol)
+{
+ switch (protocol) {
+ case IPPROTO_TCP:
+ return sizeof(struct tcphdr);
+ case IPPROTO_UDP:
+ return sizeof(struct udphdr);
+ case IPPROTO_ICMP:
+ return sizeof(struct icmphdr);
+ default:
+ return 0;
+ }
+}
+
+/**
+ * ipxlat_set_partial_csum - program CHECKSUM_PARTIAL metadata on skb
+ * @skb: packet with transport checksum field
+ * @csum_offset: offset of checksum field within transport header
+ *
+ * Return: 0 on success, negative errno on invalid skb state.
+ */
+int ipxlat_set_partial_csum(struct sk_buff *skb, u16 csum_offset);
+
+/**
+ * ipxlat_l4_csum_ipv6 - compute full L4 checksum with IPv6 pseudo-header
+ * @saddr: IPv6 source address
+ * @daddr: IPv6 destination address
+ * @skb: packet buffer
+ * @l4_off: transport header offset
+ * @l4_len: transport span (header + payload)
+ * @proto: transport protocol
+ *
+ * Return: folded checksum value covering pseudo-header and transport payload.
+ */
+__sum16 ipxlat_l4_csum_ipv6(const struct in6_addr *saddr,
+ const struct in6_addr *daddr,
+ const struct sk_buff *skb, unsigned int l4_off,
+ unsigned int l4_len, u8 proto);
+
+/**
+ * ipxlat_finalize_offload - normalize checksum/GSO metadata after translation
+ * @skb: translated packet
+ * @l4_proto: resulting transport protocol
+ * @is_fragment: resulting packet is fragmented
+ * @gso_from: input TCP GSO type bit
+ * @gso_to: output TCP GSO type bit
+ *
+ * Converts TCP GSO family bits and clears stale checksum/hash state when
+ * offload metadata cannot be preserved across address-family translation.
+ *
+ * Return: 0 on success, negative errno on unsupported/offload-incompatible
+ * input.
+ */
+int ipxlat_finalize_offload(struct sk_buff *skb, u8 l4_proto, bool is_fragment,
+ u32 gso_from, u32 gso_to);
+
+#endif /* _NET_IPXLAT_TRANSPORT_H_ */
--
2.53.0
next prev parent reply other threads:[~2026-03-19 15:20 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-19 15:12 [RFC net-next 00/15] Introducing ipxlat: a stateless IPv4/IPv6 translation device Ralf Lici
2026-03-19 15:12 ` [RFC net-next 01/15] drivers/net: add ipxlat netdevice skeleton and build plumbing Ralf Lici
2026-03-19 15:12 ` [RFC net-next 02/15] ipxlat: add RFC 6052 address conversion helpers Ralf Lici
2026-03-19 15:12 ` [RFC net-next 03/15] ipxlat: add packet metadata control block helpers Ralf Lici
2026-03-19 15:12 ` [RFC net-next 04/15] ipxlat: add IPv4 packet validation path Ralf Lici
2026-03-19 15:12 ` [RFC net-next 05/15] ipxlat: add IPv6 " Ralf Lici
2026-03-19 15:12 ` Ralf Lici [this message]
2026-03-19 15:12 ` [RFC net-next 07/15] ipxlat: add 4to6 and 6to4 TCP/UDP translation helpers Ralf Lici
2026-03-19 15:12 ` [RFC net-next 08/15] ipxlat: add translation engine and dispatch core Ralf Lici
2026-03-19 15:12 ` [RFC net-next 09/15] ipxlat: emit translator-generated ICMP errors on drop Ralf Lici
2026-03-19 15:12 ` [RFC net-next 10/15] ipxlat: add 4to6 pre-fragmentation path Ralf Lici
2026-03-19 15:12 ` [RFC net-next 11/15] ipxlat: add ICMP informational translation paths Ralf Lici
2026-03-19 15:12 ` [RFC net-next 12/15] ipxlat: add ICMP error translation and quoted-inner handling Ralf Lici
2026-03-19 15:12 ` [RFC net-next 13/15] ipxlat: add netlink control plane and uapi Ralf Lici
2026-03-19 15:12 ` [RFC net-next 14/15] selftests: net: add ipxlat coverage Ralf Lici
2026-03-19 15:12 ` [RFC net-next 15/15] Documentation: networking: add ipxlat translator guide Ralf Lici
2026-03-19 22:11 ` Jonathan Corbet
2026-03-24 9:55 ` Ralf Lici
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260319151230.655687-7-ralf@mandelbit.com \
--to=ralf@mandelbit.com \
--cc=andrew+netdev@lunn.ch \
--cc=antonio@mandelbit.com \
--cc=davem@davemloft.net \
--cc=dxld@darkboxed.org \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox