[NETFILTER]: Convert conntrack/ipt_REJECT to new checksumming functions

Besides removing lots of duplicate code, all converted users benefit from improved HW checksum error handling. Tested with and without HW checksums in almost all combinations. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Patrick McHardy <kaber@trash.net> 2006-04-06 17:19:24 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-04-10 01:25:42 -0400
commit: 96f6bf82ea3abc77d255d5d554df5f349651f6de (patch)
tree: 7050071415f6e0ab56ee6d9a51680b30c3876a94 /net/netfilter
parent: 422c346fad806e2abaeffac686860ebc98dfe33e (diff)
2 files changed, 10 insertions, 90 deletions
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 6492ed66fb3..69899f27d26 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -799,8 +799,7 @@ static int tcp_error(struct sk_buff *skb,
                     unsigned int dataoff,
                     enum ip_conntrack_info *ctinfo,
                     int pf,
-                     unsigned int hooknum,
+                     unsigned int hooknum)
-                     int(*csum)(const struct sk_buff *,unsigned int))
 {
        struct tcphdr _tcph, *th;
        unsigned int tcplen = skb->len - dataoff;
@@ -830,9 +829,8 @@ static int tcp_error(struct sk_buff *skb,
         */
        /* FIXME: Source route IP option packets --RR */
        if (((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) ||
-             (pf == PF_INET6 && hooknum  == NF_IP6_PRE_ROUTING))
+             (pf == PF_INET6 && hooknum  == NF_IP6_PRE_ROUTING)) &&
-            && skb->ip_summed != CHECKSUM_UNNECESSARY
+            nf_checksum(skb, hooknum, dataoff, IPPROTO_TCP, pf)) {
-            && csum(skb, dataoff)) {
                if (LOG_INVALID(IPPROTO_TCP))
                        nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
                                  "nf_ct_tcp: bad TCP checksum ");
@@ -851,44 +849,6 @@ static int tcp_error(struct sk_buff *skb,
        return NF_ACCEPT;
 }
-static int csum4(const struct sk_buff *skb, unsigned int dataoff)
-{
-        return csum_tcpudp_magic(skb->nh.iph->saddr, skb->nh.iph->daddr,
-                                 skb->len - dataoff, IPPROTO_TCP,
-                                 skb->ip_summed == CHECKSUM_HW ? skb->csum
-                                 : skb_checksum(skb, dataoff,
-                                                skb->len - dataoff, 0));
-}
-static int csum6(const struct sk_buff *skb, unsigned int dataoff)
-{
-        return csum_ipv6_magic(&skb->nh.ipv6h->saddr, &skb->nh.ipv6h->daddr,
-                               skb->len - dataoff, IPPROTO_TCP,
-                               skb->ip_summed == CHECKSUM_HW
-                               ? csum_sub(skb->csum,
-                                          skb_checksum(skb, 0, dataoff, 0))
-                               : skb_checksum(skb, dataoff, skb->len - dataoff,
-                                              0));
-}
-static int tcp_error4(struct sk_buff *skb,
-                      unsigned int dataoff,
-                      enum ip_conntrack_info *ctinfo,
-                      int pf,
-                      unsigned int hooknum)
-{
-        return tcp_error(skb, dataoff, ctinfo, pf, hooknum, csum4);
-}
-static int tcp_error6(struct sk_buff *skb,
-                      unsigned int dataoff,
-                      enum ip_conntrack_info *ctinfo,
-                      int pf,
-                      unsigned int hooknum)
-{
-        return tcp_error(skb, dataoff, ctinfo, pf, hooknum, csum6);
-}
 /* Returns verdict for packet, or -1 for invalid. */
 static int tcp_packet(struct nf_conn *conntrack,
                      const struct sk_buff *skb,
@@ -1218,7 +1178,7 @@ struct nf_conntrack_protocol nf_conntrack_protocol_tcp4 =
        .print_conntrack        = tcp_print_conntrack,
        .packet                 = tcp_packet,
        .new                    = tcp_new,
-        .error                  = tcp_error4,
+        .error                  = tcp_error,
 #if defined(CONFIG_NF_CT_NETLINK) || \
    defined(CONFIG_NF_CT_NETLINK_MODULE)
        .to_nfattr              = tcp_to_nfattr,
@@ -1239,7 +1199,7 @@ struct nf_conntrack_protocol nf_conntrack_protocol_tcp6 =
        .print_conntrack        = tcp_print_conntrack,
        .packet                 = tcp_packet,
        .new                    = tcp_new,
-        .error                  = tcp_error6,
+        .error                  = tcp_error,
 #if defined(CONFIG_NF_CT_NETLINK) || \
    defined(CONFIG_NF_CT_NETLINK_MODULE)
        .to_nfattr              = tcp_to_nfattr,
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index 831d206344e..d93edbfde9e 100644
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -103,8 +103,7 @@ static int udp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
 static int udp_error(struct sk_buff *skb, unsigned int dataoff,
                     enum ip_conntrack_info *ctinfo,
                     int pf,
-                     unsigned int hooknum,
+                     unsigned int hooknum)
-                     int (*csum)(const struct sk_buff *, unsigned int))
 {
        unsigned int udplen = skb->len - dataoff;
        struct udphdr _hdr, *hdr;
@@ -136,9 +135,8 @@ static int udp_error(struct sk_buff *skb, unsigned int dataoff,
         * and moreover root might send raw packets.
         * FIXME: Source route IP option packets --RR */
        if (((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) ||
-             (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING))
+             (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING)) &&
-            && skb->ip_summed != CHECKSUM_UNNECESSARY
+            nf_checksum(skb, hooknum, dataoff, IPPROTO_UDP, pf)) {
-            && csum(skb, dataoff)) {
                if (LOG_INVALID(IPPROTO_UDP))
                        nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
                                "nf_ct_udp: bad UDP checksum ");
@@ -148,44 +146,6 @@ static int udp_error(struct sk_buff *skb, unsigned int dataoff,
        return NF_ACCEPT;
 }
-static int csum4(const struct sk_buff *skb, unsigned int dataoff)
-{
-        return csum_tcpudp_magic(skb->nh.iph->saddr, skb->nh.iph->daddr,
-                                 skb->len - dataoff, IPPROTO_UDP,
-                                 skb->ip_summed == CHECKSUM_HW ? skb->csum
-                                 : skb_checksum(skb, dataoff,
-                                                skb->len - dataoff, 0));
-}
-static int csum6(const struct sk_buff *skb, unsigned int dataoff)
-{
-        return csum_ipv6_magic(&skb->nh.ipv6h->saddr, &skb->nh.ipv6h->daddr,
-                               skb->len - dataoff, IPPROTO_UDP,
-                               skb->ip_summed == CHECKSUM_HW
-                               ? csum_sub(skb->csum,
-                                          skb_checksum(skb, 0, dataoff, 0))
-                               : skb_checksum(skb, dataoff, skb->len - dataoff,
-                                              0));
-}
-static int udp_error4(struct sk_buff *skb,
-                      unsigned int dataoff,
-                      enum ip_conntrack_info *ctinfo,
-                      int pf,
-                      unsigned int hooknum)
-{
-        return udp_error(skb, dataoff, ctinfo, pf, hooknum, csum4);
-}
-static int udp_error6(struct sk_buff *skb,
-                      unsigned int dataoff,
-                      enum ip_conntrack_info *ctinfo,
-                      int pf,
-                      unsigned int hooknum)
-{
-        return udp_error(skb, dataoff, ctinfo, pf, hooknum, csum6);
-}
 struct nf_conntrack_protocol nf_conntrack_protocol_udp4 =
 {
        .l3proto                = PF_INET,
@@ -197,7 +157,7 @@ struct nf_conntrack_protocol nf_conntrack_protocol_udp4 =
        .print_conntrack        = udp_print_conntrack,
        .packet                 = udp_packet,
        .new                    = udp_new,
-        .error                  = udp_error4,
+        .error                  = udp_error,
 #if defined(CONFIG_NF_CT_NETLINK) || \
    defined(CONFIG_NF_CT_NETLINK_MODULE)
        .tuple_to_nfattr        = nf_ct_port_tuple_to_nfattr,
@@ -216,7 +176,7 @@ struct nf_conntrack_protocol nf_conntrack_protocol_udp6 =
        .print_conntrack        = udp_print_conntrack,
        .packet                 = udp_packet,
        .new                    = udp_new,
-        .error                  = udp_error6,
+        .error                  = udp_error,
 #if defined(CONFIG_NF_CT_NETLINK) || \
    defined(CONFIG_NF_CT_NETLINK_MODULE)
        .tuple_to_nfattr        = nf_ct_port_tuple_to_nfattr,
author	Patrick McHardy <kaber@trash.net>	2006-04-06 17:19:24 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-04-10 01:25:42 -0400
commit	96f6bf82ea3abc77d255d5d554df5f349651f6de (patch)
tree	7050071415f6e0ab56ee6d9a51680b30c3876a94 /net/netfilter
parent	422c346fad806e2abaeffac686860ebc98dfe33e (diff)

diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index 6492ed66fb3..69899f27d26 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -799,8 +799,7 @@ static int tcp_error(struct sk_buff *skb,
799	unsigned int dataoff,	799	unsigned int dataoff,
800	enum ip_conntrack_info *ctinfo,	800	enum ip_conntrack_info *ctinfo,
801	int pf,	801	int pf,
802	unsigned int hooknum,	802	unsigned int hooknum)
803	int(csum)(const struct sk_buff ,unsigned int))
804	{	803	{
805	struct tcphdr _tcph, *th;	804	struct tcphdr _tcph, *th;
806	unsigned int tcplen = skb->len - dataoff;	805	unsigned int tcplen = skb->len - dataoff;
@@ -830,9 +829,8 @@ static int tcp_error(struct sk_buff *skb,
830	*/	829	*/
831	/* FIXME: Source route IP option packets --RR */	830	/* FIXME: Source route IP option packets --RR */
832	if (((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) \|\|	831	if (((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) \|\|
833	(pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING))	832	(pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING)) &&
834	&& skb->ip_summed != CHECKSUM_UNNECESSARY	833	nf_checksum(skb, hooknum, dataoff, IPPROTO_TCP, pf)) {
835	&& csum(skb, dataoff)) {
836	if (LOG_INVALID(IPPROTO_TCP))	834	if (LOG_INVALID(IPPROTO_TCP))
837	nf_log_packet(pf, 0, skb, NULL, NULL, NULL,	835	nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
838	"nf_ct_tcp: bad TCP checksum ");	836	"nf_ct_tcp: bad TCP checksum ");
@@ -851,44 +849,6 @@ static int tcp_error(struct sk_buff *skb,
851	return NF_ACCEPT;	849	return NF_ACCEPT;
852	}	850	}
853		851
854	static int csum4(const struct sk_buff *skb, unsigned int dataoff)
855	{
856	return csum_tcpudp_magic(skb->nh.iph->saddr, skb->nh.iph->daddr,
857	skb->len - dataoff, IPPROTO_TCP,
858	skb->ip_summed == CHECKSUM_HW ? skb->csum
859	: skb_checksum(skb, dataoff,
860	skb->len - dataoff, 0));
861	}
862
863	static int csum6(const struct sk_buff *skb, unsigned int dataoff)
864	{
865	return csum_ipv6_magic(&skb->nh.ipv6h->saddr, &skb->nh.ipv6h->daddr,
866	skb->len - dataoff, IPPROTO_TCP,
867	skb->ip_summed == CHECKSUM_HW
868	? csum_sub(skb->csum,
869	skb_checksum(skb, 0, dataoff, 0))
870	: skb_checksum(skb, dataoff, skb->len - dataoff,
871	0));
872	}
873
874	static int tcp_error4(struct sk_buff *skb,
875	unsigned int dataoff,
876	enum ip_conntrack_info *ctinfo,
877	int pf,
878	unsigned int hooknum)
879	{
880	return tcp_error(skb, dataoff, ctinfo, pf, hooknum, csum4);
881	}
882
883	static int tcp_error6(struct sk_buff *skb,
884	unsigned int dataoff,
885	enum ip_conntrack_info *ctinfo,
886	int pf,
887	unsigned int hooknum)
888	{
889	return tcp_error(skb, dataoff, ctinfo, pf, hooknum, csum6);
890	}
891
892	/* Returns verdict for packet, or -1 for invalid. */	852	/* Returns verdict for packet, or -1 for invalid. */
893	static int tcp_packet(struct nf_conn *conntrack,	853	static int tcp_packet(struct nf_conn *conntrack,
894	const struct sk_buff *skb,	854	const struct sk_buff *skb,
@@ -1218,7 +1178,7 @@ struct nf_conntrack_protocol nf_conntrack_protocol_tcp4 =
1218	.print_conntrack = tcp_print_conntrack,	1178	.print_conntrack = tcp_print_conntrack,
1219	.packet = tcp_packet,	1179	.packet = tcp_packet,
1220	.new = tcp_new,	1180	.new = tcp_new,
1221	.error = tcp_error4,	1181	.error = tcp_error,
1222	#if defined(CONFIG_NF_CT_NETLINK) \|\| \	1182	#if defined(CONFIG_NF_CT_NETLINK) \|\| \
1223	defined(CONFIG_NF_CT_NETLINK_MODULE)	1183	defined(CONFIG_NF_CT_NETLINK_MODULE)
1224	.to_nfattr = tcp_to_nfattr,	1184	.to_nfattr = tcp_to_nfattr,
@@ -1239,7 +1199,7 @@ struct nf_conntrack_protocol nf_conntrack_protocol_tcp6 =
1239	.print_conntrack = tcp_print_conntrack,	1199	.print_conntrack = tcp_print_conntrack,
1240	.packet = tcp_packet,	1200	.packet = tcp_packet,
1241	.new = tcp_new,	1201	.new = tcp_new,
1242	.error = tcp_error6,	1202	.error = tcp_error,
1243	#if defined(CONFIG_NF_CT_NETLINK) \|\| \	1203	#if defined(CONFIG_NF_CT_NETLINK) \|\| \
1244	defined(CONFIG_NF_CT_NETLINK_MODULE)	1204	defined(CONFIG_NF_CT_NETLINK_MODULE)
1245	.to_nfattr = tcp_to_nfattr,	1205	.to_nfattr = tcp_to_nfattr,


diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c index 831d206344e..d93edbfde9e 100644 --- a/net/netfilter/nf_conntrack_proto_udp.c +++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -103,8 +103,7 @@ static int udp_new(struct nf_conn conntrack, const struct sk_buff skb,
103	static int udp_error(struct sk_buff *skb, unsigned int dataoff,	103	static int udp_error(struct sk_buff *skb, unsigned int dataoff,
104	enum ip_conntrack_info *ctinfo,	104	enum ip_conntrack_info *ctinfo,
105	int pf,	105	int pf,
106	unsigned int hooknum,	106	unsigned int hooknum)
107	int (csum)(const struct sk_buff , unsigned int))
108	{	107	{
109	unsigned int udplen = skb->len - dataoff;	108	unsigned int udplen = skb->len - dataoff;
110	struct udphdr _hdr, *hdr;	109	struct udphdr _hdr, *hdr;
@@ -136,9 +135,8 @@ static int udp_error(struct sk_buff *skb, unsigned int dataoff,
136	* and moreover root might send raw packets.	135	* and moreover root might send raw packets.
137	* FIXME: Source route IP option packets --RR */	136	* FIXME: Source route IP option packets --RR */
138	if (((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) \|\|	137	if (((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) \|\|
139	(pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING))	138	(pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING)) &&
140	&& skb->ip_summed != CHECKSUM_UNNECESSARY	139	nf_checksum(skb, hooknum, dataoff, IPPROTO_UDP, pf)) {
141	&& csum(skb, dataoff)) {
142	if (LOG_INVALID(IPPROTO_UDP))	140	if (LOG_INVALID(IPPROTO_UDP))
143	nf_log_packet(pf, 0, skb, NULL, NULL, NULL,	141	nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
144	"nf_ct_udp: bad UDP checksum ");	142	"nf_ct_udp: bad UDP checksum ");
@@ -148,44 +146,6 @@ static int udp_error(struct sk_buff *skb, unsigned int dataoff,
148	return NF_ACCEPT;	146	return NF_ACCEPT;
149	}	147	}
150		148
151	static int csum4(const struct sk_buff *skb, unsigned int dataoff)
152	{
153	return csum_tcpudp_magic(skb->nh.iph->saddr, skb->nh.iph->daddr,
154	skb->len - dataoff, IPPROTO_UDP,
155	skb->ip_summed == CHECKSUM_HW ? skb->csum
156	: skb_checksum(skb, dataoff,
157	skb->len - dataoff, 0));
158	}
159
160	static int csum6(const struct sk_buff *skb, unsigned int dataoff)
161	{
162	return csum_ipv6_magic(&skb->nh.ipv6h->saddr, &skb->nh.ipv6h->daddr,
163	skb->len - dataoff, IPPROTO_UDP,
164	skb->ip_summed == CHECKSUM_HW
165	? csum_sub(skb->csum,
166	skb_checksum(skb, 0, dataoff, 0))
167	: skb_checksum(skb, dataoff, skb->len - dataoff,
168	0));
169	}
170
171	static int udp_error4(struct sk_buff *skb,
172	unsigned int dataoff,
173	enum ip_conntrack_info *ctinfo,
174	int pf,
175	unsigned int hooknum)
176	{
177	return udp_error(skb, dataoff, ctinfo, pf, hooknum, csum4);
178	}
179
180	static int udp_error6(struct sk_buff *skb,
181	unsigned int dataoff,
182	enum ip_conntrack_info *ctinfo,
183	int pf,
184	unsigned int hooknum)
185	{
186	return udp_error(skb, dataoff, ctinfo, pf, hooknum, csum6);
187	}
188
189	struct nf_conntrack_protocol nf_conntrack_protocol_udp4 =	149	struct nf_conntrack_protocol nf_conntrack_protocol_udp4 =
190	{	150	{
191	.l3proto = PF_INET,	151	.l3proto = PF_INET,
@@ -197,7 +157,7 @@ struct nf_conntrack_protocol nf_conntrack_protocol_udp4 =
197	.print_conntrack = udp_print_conntrack,	157	.print_conntrack = udp_print_conntrack,
198	.packet = udp_packet,	158	.packet = udp_packet,
199	.new = udp_new,	159	.new = udp_new,
200	.error = udp_error4,	160	.error = udp_error,
201	#if defined(CONFIG_NF_CT_NETLINK) \|\| \	161	#if defined(CONFIG_NF_CT_NETLINK) \|\| \
202	defined(CONFIG_NF_CT_NETLINK_MODULE)	162	defined(CONFIG_NF_CT_NETLINK_MODULE)
203	.tuple_to_nfattr = nf_ct_port_tuple_to_nfattr,	163	.tuple_to_nfattr = nf_ct_port_tuple_to_nfattr,
@@ -216,7 +176,7 @@ struct nf_conntrack_protocol nf_conntrack_protocol_udp6 =
216	.print_conntrack = udp_print_conntrack,	176	.print_conntrack = udp_print_conntrack,
217	.packet = udp_packet,	177	.packet = udp_packet,
218	.new = udp_new,	178	.new = udp_new,
219	.error = udp_error6,	179	.error = udp_error,
220	#if defined(CONFIG_NF_CT_NETLINK) \|\| \	180	#if defined(CONFIG_NF_CT_NETLINK) \|\| \
221	defined(CONFIG_NF_CT_NETLINK_MODULE)	181	defined(CONFIG_NF_CT_NETLINK_MODULE)
222	.tuple_to_nfattr = nf_ct_port_tuple_to_nfattr,	182	.tuple_to_nfattr = nf_ct_port_tuple_to_nfattr,