diff options
| author | Florian Westphal <fw@strlen.de> | 2013-04-19 00:58:27 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-04-29 14:09:07 -0400 |
| commit | 00bd1cc24a7dd295ee095dc50791aab6ede46c7a (patch) | |
| tree | 0802df661d7b8d4d6bfc47dfd6230607c8f92af1 | |
| parent | 7237190df8c4129241697530a4eecabdc4ecc66e (diff) | |
netfilter: nfnetlink_queue: avoid expensive gso segmentation and checksum fixup
Userspace can now indicate that it can cope with larger-than-mtu sized
packets and packets that have invalid ipv4/tcp checksums.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/uapi/linux/netfilter/nfnetlink_queue.h | 3 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_queue_core.c | 5 |
2 files changed, 5 insertions, 3 deletions
diff --git a/include/uapi/linux/netfilter/nfnetlink_queue.h b/include/uapi/linux/netfilter/nfnetlink_queue.h index 0069da370464..a2308ae5a73d 100644 --- a/include/uapi/linux/netfilter/nfnetlink_queue.h +++ b/include/uapi/linux/netfilter/nfnetlink_queue.h | |||
| @@ -97,7 +97,8 @@ enum nfqnl_attr_config { | |||
| 97 | /* Flags for NFQA_CFG_FLAGS */ | 97 | /* Flags for NFQA_CFG_FLAGS */ |
| 98 | #define NFQA_CFG_F_FAIL_OPEN (1 << 0) | 98 | #define NFQA_CFG_F_FAIL_OPEN (1 << 0) |
| 99 | #define NFQA_CFG_F_CONNTRACK (1 << 1) | 99 | #define NFQA_CFG_F_CONNTRACK (1 << 1) |
| 100 | #define NFQA_CFG_F_MAX (1 << 2) | 100 | #define NFQA_CFG_F_GSO (1 << 2) |
| 101 | #define NFQA_CFG_F_MAX (1 << 3) | ||
| 101 | 102 | ||
| 102 | /* flags for NFQA_SKB_INFO */ | 103 | /* flags for NFQA_SKB_INFO */ |
| 103 | /* packet appears to have wrong checksums, but they are ok */ | 104 | /* packet appears to have wrong checksums, but they are ok */ |
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c index d052cd6da5d2..2e0e835baf72 100644 --- a/net/netfilter/nfnetlink_queue_core.c +++ b/net/netfilter/nfnetlink_queue_core.c | |||
| @@ -327,7 +327,8 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, | |||
| 327 | break; | 327 | break; |
| 328 | 328 | ||
| 329 | case NFQNL_COPY_PACKET: | 329 | case NFQNL_COPY_PACKET: |
| 330 | if (entskb->ip_summed == CHECKSUM_PARTIAL && | 330 | if (!(queue->flags & NFQA_CFG_F_GSO) && |
| 331 | entskb->ip_summed == CHECKSUM_PARTIAL && | ||
| 331 | skb_checksum_help(entskb)) | 332 | skb_checksum_help(entskb)) |
| 332 | return NULL; | 333 | return NULL; |
| 333 | 334 | ||
| @@ -636,7 +637,7 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum) | |||
| 636 | if (queue->copy_mode == NFQNL_COPY_NONE) | 637 | if (queue->copy_mode == NFQNL_COPY_NONE) |
| 637 | return -EINVAL; | 638 | return -EINVAL; |
| 638 | 639 | ||
| 639 | if (!skb_is_gso(entry->skb)) | 640 | if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(entry->skb)) |
| 640 | return __nfqnl_enqueue_packet(net, queue, entry); | 641 | return __nfqnl_enqueue_packet(net, queue, entry); |
| 641 | 642 | ||
| 642 | skb = entry->skb; | 643 | skb = entry->skb; |