summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2006-04-06 14:18:43 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2006-04-09 22:25:41 -0700
commit422c346fad806e2abaeffac686860ebc98dfe33e (patch)
treedd554d11e80ad33afef4b438ec4c2d8943ad37f4 /net
parentbce8032ef3cc58170ab3550e9e271dba7b4c4764 (diff)
downloadlinux-422c346fad806e2abaeffac686860ebc98dfe33e.tar.bz2
[NETFILTER]: Add address family specific checksum helpers
Add checksum operation which takes care of verifying the checksum and dealing with HW checksum errors and avoids multiple checksum operations by setting ip_summed to CHECKSUM_UNNECESSARY after successful verification. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter.c33
-rw-r--r--net/ipv6/netfilter.c34
2 files changed, 67 insertions, 0 deletions
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index b25339c11ea0..6a9e34b794bc 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -161,8 +161,41 @@ static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)
return 0;
}
+unsigned int nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
+ unsigned int dataoff, u_int8_t protocol)
+{
+ struct iphdr *iph = skb->nh.iph;
+ unsigned int csum = 0;
+
+ switch (skb->ip_summed) {
+ case CHECKSUM_HW:
+ if (hook != NF_IP_PRE_ROUTING && hook != NF_IP_LOCAL_IN)
+ break;
+ if ((protocol == 0 && !(u16)csum_fold(skb->csum)) ||
+ !csum_tcpudp_magic(iph->saddr, iph->daddr,
+ skb->len - dataoff, protocol,
+ skb->csum)) {
+ skb->ip_summed = CHECKSUM_UNNECESSARY;
+ break;
+ }
+ /* fall through */
+ case CHECKSUM_NONE:
+ if (protocol == 0)
+ skb->csum = 0;
+ else
+ skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
+ skb->len - dataoff,
+ protocol, 0);
+ csum = __skb_checksum_complete(skb);
+ }
+ return csum;
+}
+
+EXPORT_SYMBOL(nf_ip_checksum);
+
static struct nf_afinfo nf_ip_afinfo = {
.family = AF_INET,
+ .checksum = nf_ip_checksum,
.saveroute = nf_ip_saveroute,
.reroute = nf_ip_reroute,
.route_key_size = sizeof(struct ip_rt_info),
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index f514a0113b9f..3e9ecfaf67e2 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -79,8 +79,42 @@ static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info)
return 0;
}
+unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
+ unsigned int dataoff, u_int8_t protocol)
+{
+ struct ipv6hdr *ip6h = skb->nh.ipv6h;
+ unsigned int csum = 0;
+
+ switch (skb->ip_summed) {
+ case CHECKSUM_HW:
+ if (hook != NF_IP6_PRE_ROUTING && hook != NF_IP6_LOCAL_IN)
+ break;
+ if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
+ skb->len - dataoff, protocol,
+ csum_sub(skb->csum,
+ skb_checksum(skb, 0,
+ dataoff, 0)))) {
+ skb->ip_summed = CHECKSUM_UNNECESSARY;
+ break;
+ }
+ /* fall through */
+ case CHECKSUM_NONE:
+ skb->csum = ~csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
+ skb->len - dataoff,
+ protocol,
+ csum_sub(0,
+ skb_checksum(skb, 0,
+ dataoff, 0)));
+ csum = __skb_checksum_complete(skb);
+ }
+ return csum;
+}
+
+EXPORT_SYMBOL(nf_ip6_checksum);
+
static struct nf_afinfo nf_ip6_afinfo = {
.family = AF_INET6,
+ .checksum = nf_ip6_checksum,
.saveroute = nf_ip6_saveroute,
.reroute = nf_ip6_reroute,
.route_key_size = sizeof(struct ip6_rt_info),