lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[NETFILTER]: Add address family specific checksum helpers

Browse Source 
Add checksum operation which takes care of verifying the checksum and
dealing with HW checksum errors and avoids multiple checksum
operations by setting ip_summed to CHECKSUM_UNNECESSARY after
successful verification.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy
2006-04-06 14:18:43 -07:00
committed by David S. Miller
parent bce8032ef3
commit 422c346fad
5 changed files with 89 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
include/linux/netfilter.h
View File

@@ -285,6 +285,8 @@ extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);
struct nf_afinfo { struct nf_afinfo {
unsigned short family; unsigned short family;
unsigned int (*checksum)(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u_int8_t protocol);
void (*saveroute)(const struct sk_buff *skb, void (*saveroute)(const struct sk_buff *skb,
struct nf_info *info); struct nf_info *info);
int (*reroute)(struct sk_buff **skb, int (*reroute)(struct sk_buff **skb,
@@ -298,6 +300,21 @@ static inline struct nf_afinfo *nf_get_afinfo(unsigned short family)
return rcu_dereference(nf_afinfo[family]); return rcu_dereference(nf_afinfo[family]);
} }
static inline unsigned int
nf_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff,
u_int8_t protocol, unsigned short family)
{
struct nf_afinfo *afinfo;
unsigned int csum = 0;
rcu_read_lock();
afinfo = nf_get_afinfo(family);
if (afinfo)
csum = afinfo->checksum(skb, hook, dataoff, protocol);
rcu_read_unlock();
return csum;
}
extern int nf_register_afinfo(struct nf_afinfo *afinfo); extern int nf_register_afinfo(struct nf_afinfo *afinfo);
extern void nf_unregister_afinfo(struct nf_afinfo *afinfo); extern void nf_unregister_afinfo(struct nf_afinfo *afinfo);

2
include/linux/netfilter_ipv4.h
View File

@@ -80,6 +80,8 @@ enum nf_ip_hook_priorities {
#ifdef __KERNEL__ #ifdef __KERNEL__
extern int ip_route_me_harder(struct sk_buff **pskb); extern int ip_route_me_harder(struct sk_buff **pskb);
extern int ip_xfrm_me_harder(struct sk_buff **pskb); extern int ip_xfrm_me_harder(struct sk_buff **pskb);
extern unsigned int nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u_int8_t protocol);
#endif /*__KERNEL__*/ #endif /*__KERNEL__*/
#endif /*__LINUX_IP_NETFILTER_H*/ #endif /*__LINUX_IP_NETFILTER_H*/

3
include/linux/netfilter_ipv6.h
View File

@@ -73,6 +73,9 @@ enum nf_ip6_hook_priorities {
}; };
#ifdef CONFIG_NETFILTER #ifdef CONFIG_NETFILTER
extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u_int8_t protocol);
extern int ipv6_netfilter_init(void); extern int ipv6_netfilter_init(void);
extern void ipv6_netfilter_fini(void); extern void ipv6_netfilter_fini(void);
#else /* CONFIG_NETFILTER */ #else /* CONFIG_NETFILTER */

33
net/ipv4/netfilter.c
View File

@@ -161,8 +161,41 @@ static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)
return 0; return 0;
} }
unsigned int nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u_int8_t protocol)
{
struct iphdr *iph = skb->nh.iph;
unsigned int csum = 0;
switch (skb->ip_summed) {
case CHECKSUM_HW:
if (hook != NF_IP_PRE_ROUTING && hook != NF_IP_LOCAL_IN)
break;
if ((protocol == 0 && !(u16)csum_fold(skb->csum)) ||
!csum_tcpudp_magic(iph->saddr, iph->daddr,
skb->len - dataoff, protocol,
skb->csum)) {
skb->ip_summed = CHECKSUM_UNNECESSARY;
break;
}
/* fall through */
case CHECKSUM_NONE:
if (protocol == 0)
skb->csum = 0;
else
skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
skb->len - dataoff,
protocol, 0);
csum = __skb_checksum_complete(skb);
}
return csum;
}
EXPORT_SYMBOL(nf_ip_checksum);
static struct nf_afinfo nf_ip_afinfo = { static struct nf_afinfo nf_ip_afinfo = {
.family = AF_INET, .family = AF_INET,
.checksum = nf_ip_checksum,
.saveroute = nf_ip_saveroute, .saveroute = nf_ip_saveroute,
.reroute = nf_ip_reroute, .reroute = nf_ip_reroute,
.route_key_size = sizeof(struct ip_rt_info), .route_key_size = sizeof(struct ip_rt_info),

34
net/ipv6/netfilter.c
View File

@@ -79,8 +79,42 @@ static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info)
return 0; return 0;
} }
unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u_int8_t protocol)
{
struct ipv6hdr *ip6h = skb->nh.ipv6h;
unsigned int csum = 0;
switch (skb->ip_summed) {
case CHECKSUM_HW:
if (hook != NF_IP6_PRE_ROUTING && hook != NF_IP6_LOCAL_IN)
break;
if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
skb->len - dataoff, protocol,
csum_sub(skb->csum,
skb_checksum(skb, 0,
dataoff, 0)))) {
skb->ip_summed = CHECKSUM_UNNECESSARY;
break;
}
/* fall through */
case CHECKSUM_NONE:
skb->csum = ~csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
skb->len - dataoff,
protocol,
csum_sub(0,
skb_checksum(skb, 0,
dataoff, 0)));
csum = __skb_checksum_complete(skb);
}
return csum;
}
EXPORT_SYMBOL(nf_ip6_checksum);
static struct nf_afinfo nf_ip6_afinfo = { static struct nf_afinfo nf_ip6_afinfo = {
.family = AF_INET6, .family = AF_INET6,
.checksum = nf_ip6_checksum,
.saveroute = nf_ip6_saveroute, .saveroute = nf_ip6_saveroute,
.reroute = nf_ip6_reroute, .reroute = nf_ip6_reroute,
.route_key_size = sizeof(struct ip6_rt_info), .route_key_size = sizeof(struct ip6_rt_info),