> -----邮件原件----- > 发件人: netfilter-devel-owner@xxxxxxxxxxxxxxx > [mailto:netfilter-devel-owner@xxxxxxxxxxxxxxx] 代表 Pablo Neira Ayuso > 发送时间: 2019年11月13日 5:30 > 收件人: Li,Rongqing <lirongqing@xxxxxxxxx> > 抄送: netfilter-devel@xxxxxxxxxxxxxxx > 主题: Re: [PATCH] netfilter: only call csum_tcpudp_magic for TCP/UDP packets > > On Sat, Nov 09, 2019 at 03:50:17PM +0800, Li RongQing wrote: > > csum_tcpudp_magic should not be called to compute checksum for > > non-TCP/UDP packets, like ICMP with wrong checksum > > This is fixing 5d1549847c76b1ffcf8e388ef4d0f229bdd1d7e8. > > > Signed-off-by: Li RongQing <lirongqing@xxxxxxxxx> > > --- > > net/netfilter/utils.c | 9 ++++++--- > > 1 file changed, 6 insertions(+), 3 deletions(-) > > > > diff --git a/net/netfilter/utils.c b/net/netfilter/utils.c index > > 51b454d8fa9c..72eace52874e 100644 > > --- a/net/netfilter/utils.c > > +++ b/net/netfilter/utils.c > > @@ -17,9 +17,12 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, > unsigned int hook, > > case CHECKSUM_COMPLETE: > > if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN) > > break; > > - if ((protocol != IPPROTO_TCP && protocol != IPPROTO_UDP && > > - !csum_fold(skb->csum)) || > > - !csum_tcpudp_magic(iph->saddr, iph->daddr, > > + if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP) { > > + if (!csum_fold(skb->csum)) { > > + skb->ip_summed = CHECKSUM_UNNECESSARY; > > + break; > > + } > > + } else if (!csum_tcpudp_magic(iph->saddr, iph->daddr, > > skb->len - dataoff, protocol, > > skb->csum)) { > > Probably disentangle this code with the following snippet? > > switch (protocol) { > case IPPROTO_TCP: > case IPPROTO_UDP: > if (!csum_tcpudp_magic(iph->saddr, iph->daddr, > skb->len - dataoff, > protocol, > skb->csum)) > skb->ip_summed = > CHECKSUM_UNNECESSARY; > break; > default: > if (!csum_fold(skb->csum)) > skb->ip_summed = > CHECKSUM_UNNECESSARY; > break; > } > OK ,I will send V2, thanks -RongQing
