On Tue, Dec 1, 2015 at 12:51 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Wed, Nov 25, 2015 at 04:08:16PM -0800, Jarno Rajahalme wrote:
>> NAT checksum recalculation code assumes existence of skb_dst, which
>> becomes a problem for a later patch in the series ("openvswitch:
>> Interface with NAT."). Simplify this by removing the check on
>> skb_dst, as the checksum will be dealt with later in the stack.
>>
>> Suggested-by: Pravin Shelar <pshelar@xxxxxxxxxx>
>> Signed-off-by: Jarno Rajahalme <jarno@xxxxxxx>
>> ---
>> net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 29 ++++++++---------------------
>> net/ipv6/netfilter/nf_nat_l3proto_ipv6.c | 29 ++++++++---------------------
>> 2 files changed, 16 insertions(+), 42 deletions(-)
>>
>> diff --git a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
>> index 5075b7e..f8aad03 100644
>> --- a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
>> +++ b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
>> @@ -127,28 +127,15 @@ static void nf_nat_ipv4_csum_recalc(struct sk_buff *skb,
>> u8 proto, void *data, __sum16 *check,
>> int datalen, int oldlen)
>> {
>> - const struct iphdr *iph = ip_hdr(skb);
>> - struct rtable *rt = skb_rtable(skb);
>> -
>> if (skb->ip_summed != CHECKSUM_PARTIAL) {
>> - if (!(rt->rt_flags & RTCF_LOCAL) &&
>> - (!skb->dev || skb->dev->features & NETIF_F_V4_CSUM)) {
>> - skb->ip_summed = CHECKSUM_PARTIAL;
>> - skb->csum_start = skb_headroom(skb) +
>> - skb_network_offset(skb) +
>> - ip_hdrlen(skb);
>> - skb->csum_offset = (void *)check - data;
>> - *check = ~csum_tcpudp_magic(iph->saddr, iph->daddr,
>> - datalen, proto, 0);
>> - } else {
>> - *check = 0;
>> - *check = csum_tcpudp_magic(iph->saddr, iph->daddr,
>> - datalen, proto,
>> - csum_partial(data, datalen,
>> - 0));
>> - if (proto == IPPROTO_UDP && !*check)
>> - *check = CSUM_MANGLED_0;
>> - }
>> + const struct iphdr *iph = ip_hdr(skb);
>> +
>> + skb->ip_summed = CHECKSUM_PARTIAL;
>> + skb->csum_start = skb_headroom(skb) + skb_network_offset(skb) +
>> + ip_hdrlen(skb);
>> + skb->csum_offset = (void *)check - data;
>> + *check = ~csum_tcpudp_magic(iph->saddr, iph->daddr, datalen,
>> + proto, 0);
>
> Is this change going to work with traffic that is redirected to the
> localhost?
localhost should handle CHECKSUM_PARTIAL just fine. So I do not see
problem with always converting skb to CHECKSUM_PARTIAL skb.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
