[NETFILTER]: Add partial checksum validation helper

Move the UDP-Lite conntrack checksum validation to a generic helper
similar to nf_checksum() and make it fall back to nf_checksum()
in case the full packet is to be checksummed and hardware checksums
are available. This is to be used by DCCP conntrack, which also
needs to verify partial checksums.

Signed-off-by: Patrick McHardy <kaber@trash.net>

1 files changed, 30 insertions, 7 deletions

diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 9a904c6c0dc8..f8edacdf991d 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -182,21 +182,44 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
         }
         return csum;
 }
-
 EXPORT_SYMBOL(nf_ip_checksum);
 
+static __sum16 nf_ip_checksum_partial(struct sk_buff *skb, unsigned int hook,
+                                      unsigned int dataoff, unsigned int len,
+                                      u_int8_t protocol)
+{
+        const struct iphdr *iph = ip_hdr(skb);
+        __sum16 csum = 0;
+
+        switch (skb->ip_summed) {
+        case CHECKSUM_COMPLETE:
+                if (len == skb->len - dataoff)
+                        return nf_ip_checksum(skb, hook, dataoff, protocol);
+                /* fall through */
+        case CHECKSUM_NONE:
+                skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr, protocol,
+                                               skb->len - dataoff, 0);
+                skb->ip_summed = CHECKSUM_NONE;
+                csum = __skb_checksum_complete_head(skb, dataoff + len);
+                if (!csum)
+                        skb->ip_summed = CHECKSUM_UNNECESSARY;
+        }
+        return csum;
+}
+
 static int nf_ip_route(struct dst_entry **dst, struct flowi *fl)
 {
         return ip_route_output_key(&init_net, (struct rtable **)dst, fl);
 }
 
 static const struct nf_afinfo nf_ip_afinfo = {
-        .family         = AF_INET,
-        .checksum       = nf_ip_checksum,
-        .route          = nf_ip_route,
-        .saveroute      = nf_ip_saveroute,
-        .reroute        = nf_ip_reroute,
-        .route_key_size = sizeof(struct ip_rt_info),
+        .family                 = AF_INET,
+        .checksum               = nf_ip_checksum,
+        .checksum_partial       = nf_ip_checksum_partial,
+        .route                  = nf_ip_route,
+        .saveroute              = nf_ip_saveroute,
+        .reroute                = nf_ip_reroute,
+        .route_key_size         = sizeof(struct ip_rt_info),
 };
 
 static int ipv4_netfilter_init(void)