Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 43bc0ca7 authored by Al Viro's avatar Al Viro Committed by David S. Miller
Browse files

[NET]: netfilter checksum annotations 



Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent f9214b26

include/linux/netfilter.h

+21 −5
Original line number Diff line number Diff line
@@ -282,11 +282,27 @@ extern void nf_invalidate_cache(int pf); 
   Returns true or false. */

extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);



extern u_int16_t nf_csum_update(u_int32_t oldval, u_int32_t newval,

				u_int32_t csum);

extern u_int16_t nf_proto_csum_update(struct sk_buff *skb,

				      u_int32_t oldval, u_int32_t newval,

				      u_int16_t csum, int pseudohdr);

static inline void nf_csum_replace4(__sum16 *sum, __be32 from, __be32 to)

{

	__be32 diff[] = { ~from, to };



	*sum = csum_fold(csum_partial((char *)diff, sizeof(diff), ~csum_unfold(*sum)));

}



static inline void nf_csum_replace2(__sum16 *sum, __be16 from, __be16 to)

{

	nf_csum_replace4(sum, (__force __be32)from, (__force __be32)to);

}



extern void nf_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb,

				      __be32 from, __be32 to, int pseudohdr);



static inline void nf_proto_csum_replace2(__sum16 *sum, struct sk_buff *skb,

				      __be16 from, __be16 to, int pseudohdr)

{

	nf_proto_csum_replace4(sum, skb, (__force __be32)from,

				(__force __be32)to, pseudohdr);

}



struct nf_afinfo {

	unsigned short	family;

include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h

+2 −2
Original line number Diff line number Diff line
@@ -102,11 +102,11 @@ static inline __be32 *gre_key(struct gre_hdr *greh) 
}



/* get pointer ot gre csum, if present */

static inline u_int16_t *gre_csum(struct gre_hdr *greh)

static inline __sum16 *gre_csum(struct gre_hdr *greh)

{

	if (!greh->csum)

		return NULL;

	return (u_int16_t *) (greh+sizeof(*greh));

	return (__sum16 *) (greh+sizeof(*greh));

}



#endif /* __KERNEL__ */

net/ipv4/netfilter/ip_nat_core.c

+2 −4
Original line number Diff line number Diff line
@@ -362,12 +362,10 @@ manip_pkt(u_int16_t proto, 
	iph = (void *)(*pskb)->data + iphdroff;



	if (maniptype == IP_NAT_MANIP_SRC) {

		iph->check = nf_csum_update(~iph->saddr, target->src.ip,

					    iph->check);

		nf_csum_replace4(&iph->check, iph->saddr, target->src.ip);

		iph->saddr = target->src.ip;

	} else {

		iph->check = nf_csum_update(~iph->daddr, target->dst.ip,

					    iph->check);

		nf_csum_replace4(&iph->check, iph->daddr, target->dst.ip);

		iph->daddr = target->dst.ip;

	}

	return 1;

net/ipv4/netfilter/ip_nat_helper.c

+10 −20
Original line number Diff line number Diff line
@@ -188,10 +188,8 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb, 
					   csum_partial((char *)tcph,

					   		datalen, 0));

	} else

		tcph->check = nf_proto_csum_update(*pskb,

						   htons(oldlen) ^ htons(0xFFFF),

						   htons(datalen),

						   tcph->check, 1);

		nf_proto_csum_replace2(&tcph->check, *pskb,

					htons(oldlen), htons(datalen), 1);



	if (rep_len != match_len) {

		set_bit(IPS_SEQ_ADJUST_BIT, &ct->status);
@@ -266,10 +264,8 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb, 
		if (!udph->check)

			udph->check = CSUM_MANGLED_0;

	} else

		udph->check = nf_proto_csum_update(*pskb,

						   htons(oldlen) ^ htons(0xFFFF),

						   htons(datalen),

						   udph->check, 1);

		nf_proto_csum_replace2(&udph->check, *pskb,

					htons(oldlen), htons(datalen), 1);

	return 1;

}

EXPORT_SYMBOL(ip_nat_mangle_udp_packet);
@@ -307,14 +303,10 @@ sack_adjust(struct sk_buff *skb, 
			ntohl(sack->start_seq), new_start_seq,

			ntohl(sack->end_seq), new_end_seq);



		tcph->check = nf_proto_csum_update(skb,

						   ~sack->start_seq,

						   new_start_seq,

						   tcph->check, 0);

		tcph->check = nf_proto_csum_update(skb,

						   ~sack->end_seq,

						   new_end_seq,

						   tcph->check, 0);

		nf_proto_csum_replace4(&tcph->check, skb,

					sack->start_seq, new_start_seq, 0);

		nf_proto_csum_replace4(&tcph->check, skb,

					sack->end_seq, new_end_seq, 0);

		sack->start_seq = new_start_seq;

		sack->end_seq = new_end_seq;

		sackoff += sizeof(*sack);
@@ -397,10 +389,8 @@ ip_nat_seq_adjust(struct sk_buff **pskb, 
	else

		newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before);



	tcph->check = nf_proto_csum_update(*pskb, ~tcph->seq, newseq,

					   tcph->check, 0);

	tcph->check = nf_proto_csum_update(*pskb, ~tcph->ack_seq, newack,

					   tcph->check, 0);

	nf_proto_csum_replace4(&tcph->check, *pskb, tcph->seq, newseq, 0);

	nf_proto_csum_replace4(&tcph->check, *pskb, tcph->ack_seq, newack, 0);



	DEBUGP("Adjusting sequence number from %u->%u, ack from %u->%u\n",

		ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq),

net/ipv4/netfilter/ip_nat_proto_gre.c

+3 −5
Original line number Diff line number Diff line
@@ -129,11 +129,9 @@ gre_manip_pkt(struct sk_buff **pskb, 
			}

			if (greh->csum) {

				/* FIXME: Never tested this code... */

				*(gre_csum(greh)) =

					nf_proto_csum_update(*pskb,

							~*(gre_key(greh)),

							tuple->dst.u.gre.key,

							*(gre_csum(greh)), 0);

				nf_proto_csum_replace4(gre_csum(greh), *pskb,

							*(gre_key(greh)),

							tuple->dst.u.gre.key, 0);

			}

			*(gre_key(greh)) = tuple->dst.u.gre.key;

			break;