From: kaber@trash.net
To: davem@davemloft.net
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH 02/28] netfilter: ipt_REJECT: postpone the checksum calculation.
Date: Mon, 2 Aug 2010 21:57:19 +0200
Message-ID: <1280779065-9333-3-git-send-email-kaber@trash.net>
In-Reply-To: <1280779065-9333-1-git-send-email-kaber@trash.net>
From: Changli Gao <xiaosuo@gmail.com>
Postpone the checksum calculation, then if the output NIC supports checksum
offloading, we can utilize it. And though the output NIC doesn't support
checksum offloading, but we'll mangle this packet, this can free us from
updating the checksum, as the checksum calculation occurs later.
Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
net/ipv4/netfilter/ipt_REJECT.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index f5f4a88..3d0e064 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -95,10 +95,11 @@ static void send_reset(struct sk_buff *oldskb, int hook)
}
tcph->rst = 1;
- tcph->check = tcp_v4_check(sizeof(struct tcphdr),
- niph->saddr, niph->daddr,
- csum_partial(tcph,
- sizeof(struct tcphdr), 0));
+ tcph->check = ~tcp_v4_check(sizeof(struct tcphdr), niph->saddr,
+ niph->daddr, 0);
+ nskb->ip_summed = CHECKSUM_PARTIAL;
+ nskb->csum_start = (unsigned char *)tcph - nskb->head;
+ nskb->csum_offset = offsetof(struct tcphdr, check);
addr_type = RTN_UNSPEC;
if (hook != NF_INET_FORWARD
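Review bot: The new `tcph->check = ~tcp_v4_check(..., 0)` line deserves a short comment, because the field no longer holds a valid TCP checksum at this point, only the complemented pseudo-header sum that a later stage is expected to finish using `csum_start` and `csum_offset`. A reader seeing `CHECKSUM_PARTIAL` set by hand in a netfilter target will want to know which later step completes it when the output device has no offload; please name that step in the comment or the changelog. Note also that the pseudo-header seed is built from `niph->saddr` and `niph->daddr` and a fixed length of `sizeof(struct tcphdr)`, so anything that rewrites the addresses afterwards has to adjust the seed rather than assume a finished checksum, and `csum_start` is an offset from `nskb->head`, which stays valid only as long as nothing after this point reallocates the header area without fixing it up.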
@@ -115,7 +116,6 @@ static void send_reset(struct sk_buff *oldskb, int hook)
goto free_nskb;
niph->ttl = dst_metric(skb_dst(nskb), RTAX_HOPLIMIT);
- nskb->ip_summed = CHECKSUM_NONE;
/* "Never happens" */
if (nskb->len > dst_mtu(skb_dst(nskb)))
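Review bot: The changelog should say that dropping `nskb->ip_summed = CHECKSUM_NONE;` here is required rather than cleanup, since this assignment ran after the TCP header was built and would overwrite the `CHECKSUM_PARTIAL` set in the first hunk. With it gone, `ip_summed` is set in exactly one place, before the `goto free_nskb` error path shown in the context; that is fine for the free path, but please confirm nothing between the two hunks reads `ip_summed` expecting `CHECKSUM_NONE`. The `niph->ttl` write just above is unaffected, because it touches the IP header and not the region covered by `csum_start`.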
--
1.7.1