udpv4: Handle large incoming UDP/IPv4 packets and support software UFO.
- validate and forward GSO UDP/IPv4 packets from untrusted sources. - do software UFO if the outgoing device doesn't support UFO. Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Sridhar Samudrala
committed by
David S. Miller
David S. Miller
parent
30ffee8480
commit
d7ca4cc01f
@@ -1816,6 +1816,67 @@ void __init udp_init(void)
|
||||
sysctl_udp_wmem_min = SK_MEM_QUANTUM;
|
||||
}
|
||||
|
||||
int udp4_ufo_send_check(struct sk_buff *skb)
|
||||
{
|
||||
const struct iphdr *iph;
|
||||
struct udphdr *uh;
|
||||
|
||||
if (!pskb_may_pull(skb, sizeof(*uh)))
|
||||
return -EINVAL;
|
||||
|
||||
iph = ip_hdr(skb);
|
||||
uh = udp_hdr(skb);
|
||||
|
||||
uh->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr, skb->len,
|
||||
IPPROTO_UDP, 0);
|
||||
skb->csum_start = skb_transport_header(skb) - skb->head;
|
||||
skb->csum_offset = offsetof(struct udphdr, check);
|
||||
skb->ip_summed = CHECKSUM_PARTIAL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct sk_buff *udp4_ufo_fragment(struct sk_buff *skb, int features)
|
||||
{
|
||||
struct sk_buff *segs = ERR_PTR(-EINVAL);
|
||||
unsigned int mss;
|
||||
int offset;
|
||||
__wsum csum;
|
||||
|
||||
mss = skb_shinfo(skb)->gso_size;
|
||||
if (unlikely(skb->len <= mss))
|
||||
goto out;
|
||||
|
||||
if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) {
|
||||
/* Packet is from an untrusted source, reset gso_segs. */
|
||||
int type = skb_shinfo(skb)->gso_type;
|
||||
|
||||
if (unlikely(type & ~(SKB_GSO_UDP | SKB_GSO_DODGY) ||
|
||||
!(type & (SKB_GSO_UDP))))
|
||||
goto out;
|
||||
|
||||
skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(skb->len, mss);
|
||||
|
||||
segs = NULL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* Do software UFO. Complete and fill in the UDP checksum as HW cannot
|
||||
* do checksum of UDP packets sent as multiple IP fragments.
|
||||
*/
|
||||
offset = skb->csum_start - skb_headroom(skb);
|
||||
csum = skb_checksum(skb, offset, skb->len- offset, 0);
|
||||
offset += skb->csum_offset;
|
||||
*(__sum16 *)(skb->data + offset) = csum_fold(csum);
|
||||
skb->ip_summed = CHECKSUM_NONE;
|
||||
|
||||
/* Fragment the skb. IP headers of the fragments are updated in
|
||||
* inet_gso_segment()
|
||||
*/
|
||||
segs = skb_segment(skb, features);
|
||||
out:
|
||||
return segs;
|
||||
}
|
||||
|
||||
EXPORT_SYMBOL(udp_disconnect);
|
||||
EXPORT_SYMBOL(udp_ioctl);
|
||||
EXPORT_SYMBOL(udp_prot);
|
||||
|
||||
Reference in New Issue
Block a user