Commit 422c346f authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: Add address family specific checksum helpers

Add checksum operation which takes care of verifying the checksum and
dealing with HW checksum errors and avoids multiple checksum
operations by setting ip_summed to CHECKSUM_UNNECESSARY after
successful verification.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent bce8032e
...@@ -285,6 +285,8 @@ extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len); ...@@ -285,6 +285,8 @@ extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);
struct nf_afinfo { struct nf_afinfo {
unsigned short family; unsigned short family;
unsigned int (*checksum)(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u_int8_t protocol);
void (*saveroute)(const struct sk_buff *skb, void (*saveroute)(const struct sk_buff *skb,
struct nf_info *info); struct nf_info *info);
int (*reroute)(struct sk_buff **skb, int (*reroute)(struct sk_buff **skb,
...@@ -298,6 +300,21 @@ static inline struct nf_afinfo *nf_get_afinfo(unsigned short family) ...@@ -298,6 +300,21 @@ static inline struct nf_afinfo *nf_get_afinfo(unsigned short family)
return rcu_dereference(nf_afinfo[family]); return rcu_dereference(nf_afinfo[family]);
} }
static inline unsigned int
nf_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff,
u_int8_t protocol, unsigned short family)
{
struct nf_afinfo *afinfo;
unsigned int csum = 0;
rcu_read_lock();
afinfo = nf_get_afinfo(family);
if (afinfo)
csum = afinfo->checksum(skb, hook, dataoff, protocol);
rcu_read_unlock();
return csum;
}
extern int nf_register_afinfo(struct nf_afinfo *afinfo); extern int nf_register_afinfo(struct nf_afinfo *afinfo);
extern void nf_unregister_afinfo(struct nf_afinfo *afinfo); extern void nf_unregister_afinfo(struct nf_afinfo *afinfo);
......
...@@ -80,6 +80,8 @@ enum nf_ip_hook_priorities { ...@@ -80,6 +80,8 @@ enum nf_ip_hook_priorities {
#ifdef __KERNEL__ #ifdef __KERNEL__
extern int ip_route_me_harder(struct sk_buff **pskb); extern int ip_route_me_harder(struct sk_buff **pskb);
extern int ip_xfrm_me_harder(struct sk_buff **pskb); extern int ip_xfrm_me_harder(struct sk_buff **pskb);
extern unsigned int nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u_int8_t protocol);
#endif /*__KERNEL__*/ #endif /*__KERNEL__*/
#endif /*__LINUX_IP_NETFILTER_H*/ #endif /*__LINUX_IP_NETFILTER_H*/
...@@ -73,6 +73,9 @@ enum nf_ip6_hook_priorities { ...@@ -73,6 +73,9 @@ enum nf_ip6_hook_priorities {
}; };
#ifdef CONFIG_NETFILTER #ifdef CONFIG_NETFILTER
extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u_int8_t protocol);
extern int ipv6_netfilter_init(void); extern int ipv6_netfilter_init(void);
extern void ipv6_netfilter_fini(void); extern void ipv6_netfilter_fini(void);
#else /* CONFIG_NETFILTER */ #else /* CONFIG_NETFILTER */
......
...@@ -161,8 +161,41 @@ static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info) ...@@ -161,8 +161,41 @@ static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)
return 0; return 0;
} }
unsigned int nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u_int8_t protocol)
{
struct iphdr *iph = skb->nh.iph;
unsigned int csum = 0;
switch (skb->ip_summed) {
case CHECKSUM_HW:
if (hook != NF_IP_PRE_ROUTING && hook != NF_IP_LOCAL_IN)
break;
if ((protocol == 0 && !(u16)csum_fold(skb->csum)) ||
!csum_tcpudp_magic(iph->saddr, iph->daddr,
skb->len - dataoff, protocol,
skb->csum)) {
skb->ip_summed = CHECKSUM_UNNECESSARY;
break;
}
/* fall through */
case CHECKSUM_NONE:
if (protocol == 0)
skb->csum = 0;
else
skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
skb->len - dataoff,
protocol, 0);
csum = __skb_checksum_complete(skb);
}
return csum;
}
EXPORT_SYMBOL(nf_ip_checksum);
static struct nf_afinfo nf_ip_afinfo = { static struct nf_afinfo nf_ip_afinfo = {
.family = AF_INET, .family = AF_INET,
.checksum = nf_ip_checksum,
.saveroute = nf_ip_saveroute, .saveroute = nf_ip_saveroute,
.reroute = nf_ip_reroute, .reroute = nf_ip_reroute,
.route_key_size = sizeof(struct ip_rt_info), .route_key_size = sizeof(struct ip_rt_info),
......
...@@ -79,8 +79,42 @@ static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info) ...@@ -79,8 +79,42 @@ static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info)
return 0; return 0;
} }
unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u_int8_t protocol)
{
struct ipv6hdr *ip6h = skb->nh.ipv6h;
unsigned int csum = 0;
switch (skb->ip_summed) {
case CHECKSUM_HW:
if (hook != NF_IP6_PRE_ROUTING && hook != NF_IP6_LOCAL_IN)
break;
if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
skb->len - dataoff, protocol,
csum_sub(skb->csum,
skb_checksum(skb, 0,
dataoff, 0)))) {
skb->ip_summed = CHECKSUM_UNNECESSARY;
break;
}
/* fall through */
case CHECKSUM_NONE:
skb->csum = ~csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
skb->len - dataoff,
protocol,
csum_sub(0,
skb_checksum(skb, 0,
dataoff, 0)));
csum = __skb_checksum_complete(skb);
}
return csum;
}
EXPORT_SYMBOL(nf_ip6_checksum);
static struct nf_afinfo nf_ip6_afinfo = { static struct nf_afinfo nf_ip6_afinfo = {
.family = AF_INET6, .family = AF_INET6,
.checksum = nf_ip6_checksum,
.saveroute = nf_ip6_saveroute, .saveroute = nf_ip6_saveroute,
.reroute = nf_ip6_reroute, .reroute = nf_ip6_reroute,
.route_key_size = sizeof(struct ip6_rt_info), .route_key_size = sizeof(struct ip6_rt_info),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment