[NET]: Added GSO header verification

When GSO packets come from an untrusted source (e.g., a Xen guest domain), we need to verify the header integrity before passing it to the hardware. Since the first step in GSO is to verify the header, we can reuse that code by adding a new bit to gso_type: SKB_GSO_DODGY. Packets with this bit set can only be fed directly to devices with the corresponding bit NETIF_F_GSO_ROBUST. If the device doesn't have that bit, then the skb is fed to the GSO engine which will allow the packet to be sent to the hardware if it passes the header check. This patch changes the sg flag to a full features flag. The same method can be used to implement TSO ECN support. We simply have to mark packets with CWR set with SKB_GSO_ECN so that only hardware with a corresponding NETIF_F_TSO_ECN can accept them. The GSO engine can either fully segment the packet, or segment the first MTU and pass the rest to the hardware for further segmentation. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Herbert Xu <herbert@gondor.apana.org.au> 2006-06-27 16:22:38 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-06-29 19:57:53 -0400
commit: 576a30eb6453439b3c37ba24455ac7090c247b5a (patch)
tree: e0c427a61e3de5c93e797c09903d910f6f060e64 /net/ipv4
parent: 68c1692e3ea5d79f24cb5cc566c4a73939d13d25 (diff)
2 files changed, 9 insertions, 5 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 461216b47948..8d157157bf8e 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1097,7 +1097,7 @@ int inet_sk_rebuild_header(struct sock *sk)
 EXPORT_SYMBOL(inet_sk_rebuild_header);
-static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int sg)
+static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int features)
 {
        struct sk_buff *segs = ERR_PTR(-EINVAL);
        struct iphdr *iph;
@@ -1126,10 +1126,10 @@ static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int sg)
        rcu_read_lock();
        ops = rcu_dereference(inet_protos[proto]);
        if (ops && ops->gso_segment)
-                segs = ops->gso_segment(skb, sg);
+                segs = ops->gso_segment(skb, features);
        rcu_read_unlock();
-        if (IS_ERR(segs))
+        if (!segs || unlikely(IS_ERR(segs)))
                goto out;
        skb = segs;
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index c04176be7ed1..0336422c88a0 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2145,7 +2145,7 @@ int compat_tcp_getsockopt(struct sock *sk, int level, int optname,
 EXPORT_SYMBOL(compat_tcp_getsockopt);
 #endif
-struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int sg)
+struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int features)
 {
        struct sk_buff *segs = ERR_PTR(-EINVAL);
        struct tcphdr *th;
@@ -2166,10 +2166,14 @@ struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int sg)
        if (!pskb_may_pull(skb, thlen))
                goto out;
+        segs = NULL;
+        if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST))
+                goto out;
        oldlen = (u16)~skb->len;
        __skb_pull(skb, thlen);
-        segs = skb_segment(skb, sg);
+        segs = skb_segment(skb, features);
        if (IS_ERR(segs))
                goto out;
author	Herbert Xu <herbert@gondor.apana.org.au>	2006-06-27 16:22:38 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-06-29 19:57:53 -0400
commit	576a30eb6453439b3c37ba24455ac7090c247b5a (patch)
tree	e0c427a61e3de5c93e797c09903d910f6f060e64 /net/ipv4
parent	68c1692e3ea5d79f24cb5cc566c4a73939d13d25 (diff)