6 files changed, 654 insertions, 0 deletions
diff --git a/include/linux/tc_act/Kbuild b/include/linux/tc_act/Kbuild
index 76990937f4c9..67b501c302b2 100644
--- a/include/linux/tc_act/Kbuild
+++ b/include/linux/tc_act/Kbuild
@@ -4,3 +4,4 @@ header-y += tc_mirred.h
 header-y += tc_pedit.h
 header-y += tc_nat.h
 header-y += tc_skbedit.h
+header-y += tc_csum.h
diff --git a/include/linux/tc_act/tc_csum.h b/include/linux/tc_act/tc_csum.h
new file mode 100644
index 000000000000..a047c49a3153
--- /dev/null
+++ b/include/linux/tc_act/tc_csum.h
@@ -0,0 +1,32 @@
+#ifndef __LINUX_TC_CSUM_H
+#define __LINUX_TC_CSUM_H
+#include <linux/types.h>
+#include <linux/pkt_cls.h>
+#define TCA_ACT_CSUM 16
+enum {
+        TCA_CSUM_UNSPEC,
+        TCA_CSUM_PARMS,
+        TCA_CSUM_TM,
+        __TCA_CSUM_MAX
+};
+#define TCA_CSUM_MAX (__TCA_CSUM_MAX - 1)
+enum {
+        TCA_CSUM_UPDATE_FLAG_IPV4HDR = 1,
+        TCA_CSUM_UPDATE_FLAG_ICMP    = 2,
+        TCA_CSUM_UPDATE_FLAG_IGMP    = 4,
+        TCA_CSUM_UPDATE_FLAG_TCP     = 8,
+        TCA_CSUM_UPDATE_FLAG_UDP     = 16,
+        TCA_CSUM_UPDATE_FLAG_UDPLITE = 32
+};
+struct tc_csum {
+        tc_gen;
+        __u32 update_flags;
+};
+#endif /* __LINUX_TC_CSUM_H */
diff --git a/include/net/tc_act/tc_csum.h b/include/net/tc_act/tc_csum.h
new file mode 100644
index 000000000000..9e8710be7a04
--- /dev/null
+++ b/include/net/tc_act/tc_csum.h
@@ -0,0 +1,15 @@
+#ifndef __NET_TC_CSUM_H
+#define __NET_TC_CSUM_H
+#include <linux/types.h>
+#include <net/act_api.h>
+struct tcf_csum {
+        struct tcf_common common;
+        u32 update_flags;
+};
+#define to_tcf_csum(pc) \
+        container_of(pc,struct tcf_csum,common)
+#endif /* __NET_TC_CSUM_H */
diff --git a/net/sched/Kconfig b/net/sched/Kconfig
index 2f691fb180d1..522d5a9a2825 100644
--- a/net/sched/Kconfig
+++ b/net/sched/Kconfig
@@ -518,6 +518,16 @@ config NET_ACT_SKBEDIT
          To compile this code as a module, choose M here: the
          module will be called act_skbedit.
+config NET_ACT_CSUM
+        tristate "Checksum Updating"
+        depends on NET_CLS_ACT
+        ---help---
+          Say Y here to update some common checksum after some direct
+          packet alterations.
+          To compile this code as a module, choose M here: the
+          module will be called act_csum.
 config NET_CLS_IND
        bool "Incoming device classification"
        depends on NET_CLS_U32 || NET_CLS_FW
diff --git a/net/sched/Makefile b/net/sched/Makefile
index f14e71bfa58f..960f5dba6304 100644
--- a/net/sched/Makefile
+++ b/net/sched/Makefile
@@ -15,6 +15,7 @@ obj-$(CONFIG_NET_ACT_NAT)	+= act_nat.o
 obj-$(CONFIG_NET_ACT_PEDIT)     += act_pedit.o
 obj-$(CONFIG_NET_ACT_SIMP)      += act_simple.o
 obj-$(CONFIG_NET_ACT_SKBEDIT)   += act_skbedit.o
+obj-$(CONFIG_NET_ACT_CSUM)      += act_csum.o
 obj-$(CONFIG_NET_SCH_FIFO)      += sch_fifo.o
 obj-$(CONFIG_NET_SCH_CBQ)       += sch_cbq.o
 obj-$(CONFIG_NET_SCH_HTB)       += sch_htb.o
diff --git a/net/sched/act_csum.c b/net/sched/act_csum.c
new file mode 100644
index 000000000000..58d7f36949da
--- /dev/null
+++ b/net/sched/act_csum.c
@@ -0,0 +1,595 @@
+/*
+ * Checksum updating actions
+ *
+ * Copyright (c) 2010 Gregoire Baron <baronchon@n7mm.org>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ */
+#include <linux/types.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/spinlock.h>
+#include <linux/netlink.h>
+#include <net/netlink.h>
+#include <linux/rtnetlink.h>
+#include <linux/skbuff.h>
+#include <net/ip.h>
+#include <net/ipv6.h>
+#include <net/icmp.h>
+#include <linux/icmpv6.h>
+#include <linux/igmp.h>
+#include <net/tcp.h>
+#include <net/udp.h>
+#include <net/act_api.h>
+#include <linux/tc_act/tc_csum.h>
+#include <net/tc_act/tc_csum.h>
+#define CSUM_TAB_MASK 15
+static struct tcf_common *tcf_csum_ht[CSUM_TAB_MASK + 1];
+static u32 csum_idx_gen;
+static DEFINE_RWLOCK(csum_lock);
+static struct tcf_hashinfo csum_hash_info = {
+        .htab   =       tcf_csum_ht,
+        .hmask  =       CSUM_TAB_MASK,
+        .lock   =       &csum_lock,
+};
+static const struct nla_policy csum_policy[TCA_CSUM_MAX + 1] = {
+        [TCA_CSUM_PARMS] = { .len = sizeof(struct tc_csum), },
+};
+static int tcf_csum_init(struct nlattr *nla, struct nlattr *est,
+                         struct tc_action *a, int ovr, int bind)
+{
+        struct nlattr *tb[TCA_CSUM_MAX + 1];
+        struct tc_csum *parm;
+        struct tcf_common *pc;
+        struct tcf_csum *p;
+        int ret = 0, err;
+        if (nla == NULL)
+                return -EINVAL;
+        err = nla_parse_nested(tb, TCA_CSUM_MAX, nla,csum_policy);
+        if (err < 0)
+                return err;
+        if (tb[TCA_CSUM_PARMS] == NULL)
+                return -EINVAL;
+        parm = nla_data(tb[TCA_CSUM_PARMS]);
+        pc = tcf_hash_check(parm->index, a, bind, &csum_hash_info);
+        if (!pc) {
+                pc = tcf_hash_create(parm->index, est, a, sizeof(*p), bind, &csum_idx_gen, &csum_hash_info);
+                if (IS_ERR(pc))
+                        return PTR_ERR(pc);
+                p = to_tcf_csum(pc);
+                ret = ACT_P_CREATED;
+        } else {
+                p = to_tcf_csum(pc);
+                if (!ovr) {
+                        tcf_hash_release(pc, bind, &csum_hash_info);
+                        return -EEXIST;
+                }
+        }
+        spin_lock_bh(&p->tcf_lock);
+        p->tcf_action = parm->action;
+        p->update_flags = parm->update_flags;
+        spin_unlock_bh(&p->tcf_lock);
+        if (ret == ACT_P_CREATED)
+                tcf_hash_insert(pc, &csum_hash_info);
+        return ret;
+}
+static int tcf_csum_cleanup(struct tc_action *a, int bind)
+{
+        struct tcf_csum *p = a->priv;
+        return tcf_hash_release(&p->common, bind, &csum_hash_info);
+}
+/**
+ * tcf_csum_skb_nextlayer - Get next layer pointer
+ * @skb: sk_buff to use
+ * @ihl: previous summed headers length
+ * @ipl: complete packet length
+ * @jhl: next header length
+ *
+ * Check the expected next layer availability in the specified sk_buff.
+ * Return the next layer pointer if pass, NULL otherwise.
+ */
+static void *tcf_csum_skb_nextlayer(struct sk_buff *skb,
+                                    unsigned int ihl, unsigned int ipl,
+                                    unsigned int jhl)
+{
+        int ntkoff = skb_network_offset(skb);
+        int hl = ihl + jhl;
+        if (!pskb_may_pull(skb, ipl + ntkoff) || (ipl < hl) ||
+            (skb_cloned(skb) &&
+             !skb_clone_writable(skb, hl + ntkoff) &&
+             pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))
+                return NULL;
+        else
+                return (void *)(skb_network_header(skb) + ihl);
+}
+static int tcf_csum_ipv4_icmp(struct sk_buff *skb,
+                              unsigned int ihl, unsigned int ipl)
+{
+        struct icmphdr *icmph;
+        icmph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*icmph));
+        if (icmph == NULL)
+                return 0;
+        icmph->checksum = 0;
+        skb->csum = csum_partial(icmph, ipl - ihl, 0);
+        icmph->checksum = csum_fold(skb->csum);
+        skb->ip_summed = CHECKSUM_NONE;
+        return 1;
+}
+static int tcf_csum_ipv4_igmp(struct sk_buff *skb,
+                              unsigned int ihl, unsigned int ipl)
+{
+        struct igmphdr *igmph;
+        igmph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*igmph));
+        if (igmph == NULL)
+                return 0;
+        igmph->csum = 0;
+        skb->csum = csum_partial(igmph, ipl - ihl, 0);
+        igmph->csum = csum_fold(skb->csum);
+        skb->ip_summed = CHECKSUM_NONE;
+        return 1;
+}
+static int tcf_csum_ipv6_icmp(struct sk_buff *skb, struct ipv6hdr *ip6h,
+                              unsigned int ihl, unsigned int ipl)
+{
+        struct icmp6hdr *icmp6h;
+        icmp6h = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*icmp6h));
+        if (icmp6h == NULL)
+                return 0;
+        icmp6h->icmp6_cksum = 0;
+        skb->csum = csum_partial(icmp6h, ipl - ihl, 0);
+        icmp6h->icmp6_cksum = csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
+                                              ipl - ihl, IPPROTO_ICMPV6,
+                                              skb->csum);
+        skb->ip_summed = CHECKSUM_NONE;
+        return 1;
+}
+static int tcf_csum_ipv4_tcp(struct sk_buff *skb, struct iphdr *iph,
+                             unsigned int ihl, unsigned int ipl)
+{
+        struct tcphdr *tcph;
+        tcph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*tcph));
+        if (tcph == NULL)
+                return 0;
+        tcph->check = 0;
+        skb->csum = csum_partial(tcph, ipl - ihl, 0);
+        tcph->check = tcp_v4_check(ipl - ihl,
+                                   iph->saddr, iph->daddr, skb->csum);
+        skb->ip_summed = CHECKSUM_NONE;
+        return 1;
+}
+static int tcf_csum_ipv6_tcp(struct sk_buff *skb, struct ipv6hdr *ip6h,
+                             unsigned int ihl, unsigned int ipl)
+{
+        struct tcphdr *tcph;
+        tcph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*tcph));
+        if (tcph == NULL)
+                return 0;
+        tcph->check = 0;
+        skb->csum = csum_partial(tcph, ipl - ihl, 0);
+        tcph->check = csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
+                                      ipl - ihl, IPPROTO_TCP,
+                                      skb->csum);
+        skb->ip_summed = CHECKSUM_NONE;
+        return 1;
+}
+static int tcf_csum_ipv4_udp(struct sk_buff *skb, struct iphdr *iph,
+                             unsigned int ihl, unsigned int ipl, int udplite)
+{
+        struct udphdr *udph;
+        u16 ul;
+        /* Support both UDP and UDPLITE checksum algorithms,
+         * Don't use udph->len to get the real length without any protocol check,
+         * UDPLITE uses udph->len for another thing,
+         * Use iph->tot_len, or just ipl.
+         */
+        udph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*udph));
+        if (udph == NULL)
+                return 0;
+        ul = ntohs(udph->len);
+        if (udplite || udph->check) {
+                udph->check = 0;
+                if (udplite) {
+                        if (ul == 0)
+                                skb->csum = csum_partial(udph, ipl - ihl, 0);
+                        else if ((ul >= sizeof(*udph)) && (ul <= ipl - ihl))
+                                skb->csum = csum_partial(udph, ul, 0);
+                        else
+                                goto ignore_obscure_skb;
+                } else {
+                        if (ul != ipl - ihl)
+                                goto ignore_obscure_skb;
+                        skb->csum = csum_partial(udph, ul, 0);
+                }
+                udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr,
+                                                ul, iph->protocol,
+                                                skb->csum);
+                if (!udph->check)
+                        udph->check = CSUM_MANGLED_0;
+        }
+        skb->ip_summed = CHECKSUM_NONE;
+ignore_obscure_skb:
+        return 1;
+}
+static int tcf_csum_ipv6_udp(struct sk_buff *skb, struct ipv6hdr *ip6h,
+                             unsigned int ihl, unsigned int ipl, int udplite)
+{
+        struct udphdr *udph;
+        u16 ul;
+        /* Support both UDP and UDPLITE checksum algorithms,
+         * Don't use udph->len to get the real length without any protocol check,
+         * UDPLITE uses udph->len for another thing,
+         * Use ip6h->payload_len + sizeof(*ip6h) ... , or just ipl.
+         */
+        udph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*udph));
+        if (udph == NULL)
+                return 0;
+        ul = ntohs(udph->len);
+        udph->check = 0;
+        if (udplite) {
+                if (ul == 0)
+                        skb->csum = csum_partial(udph, ipl - ihl, 0);
+                else if ((ul >= sizeof(*udph)) && (ul <= ipl - ihl))
+                        skb->csum = csum_partial(udph, ul, 0);
+                else
+                        goto ignore_obscure_skb;
+        } else {
+                if (ul != ipl - ihl)
+                        goto ignore_obscure_skb;
+                skb->csum = csum_partial(udph, ul, 0);
+        }
+        udph->check = csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr, ul,
+                                      udplite ? IPPROTO_UDPLITE : IPPROTO_UDP,
+                                      skb->csum);
+        if (!udph->check)
+                udph->check = CSUM_MANGLED_0;
+        skb->ip_summed = CHECKSUM_NONE;
+ignore_obscure_skb:
+        return 1;
+}
+static int tcf_csum_ipv4(struct sk_buff *skb, u32 update_flags)
+{
+        struct iphdr *iph;
+        int ntkoff;
+        ntkoff = skb_network_offset(skb);
+        if (!pskb_may_pull(skb, sizeof(*iph) + ntkoff))
+                goto fail;
+        iph = ip_hdr(skb);
+        switch (iph->frag_off & htons(IP_OFFSET) ? 0 : iph->protocol) {
+        case IPPROTO_ICMP:
+                if (update_flags & TCA_CSUM_UPDATE_FLAG_ICMP)
+                        if (!tcf_csum_ipv4_icmp(skb,
+                                                iph->ihl * 4, ntohs(iph->tot_len)))
+                                goto fail;
+                break;
+        case IPPROTO_IGMP:
+                if (update_flags & TCA_CSUM_UPDATE_FLAG_IGMP)
+                        if (!tcf_csum_ipv4_igmp(skb,
+                                                iph->ihl * 4, ntohs(iph->tot_len)))
+                                goto fail;
+                break;
+        case IPPROTO_TCP:
+                if (update_flags & TCA_CSUM_UPDATE_FLAG_TCP)
+                        if (!tcf_csum_ipv4_tcp(skb, iph,
+                                               iph->ihl * 4, ntohs(iph->tot_len)))
+                                goto fail;
+                break;
+        case IPPROTO_UDP:
+                if (update_flags & TCA_CSUM_UPDATE_FLAG_UDP)
+                        if (!tcf_csum_ipv4_udp(skb, iph,
+                                               iph->ihl * 4, ntohs(iph->tot_len), 0))
+                                goto fail;
+                break;
+        case IPPROTO_UDPLITE:
+                if (update_flags & TCA_CSUM_UPDATE_FLAG_UDPLITE)
+                        if (!tcf_csum_ipv4_udp(skb, iph,
+                                               iph->ihl * 4, ntohs(iph->tot_len), 1))
+                                goto fail;
+                break;
+        }
+        if (update_flags & TCA_CSUM_UPDATE_FLAG_IPV4HDR) {
+                if (skb_cloned(skb) &&
+                    !skb_clone_writable(skb, sizeof(*iph) + ntkoff) &&
+                    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
+                        goto fail;
+                ip_send_check(iph);
+        }
+        return 1;
+fail:
+        return 0;
+}
+static int tcf_csum_ipv6_hopopts(struct ipv6_opt_hdr *ip6xh,
+                                  unsigned int ixhl, unsigned int *pl)
+{
+        int off, len, optlen;
+        unsigned char *xh = (void *)ip6xh;
+        off = sizeof(*ip6xh);
+        len = ixhl - off;
+        while (len > 1) {
+                switch (xh[off])
+                {
+                case IPV6_TLV_PAD0:
+                        optlen = 1;
+                        break;
+                case IPV6_TLV_JUMBO:
+                        optlen = xh[off + 1] + 2;
+                        if (optlen != 6 || len < 6 || (off & 3) != 2)
+                                /* wrong jumbo option length/alignment */
+                                return 0;
+                        *pl = ntohl(*(__be32 *)(xh + off + 2));
+                        goto done;
+                default:
+                        optlen = xh[off + 1] + 2;
+                        if (optlen > len)
+                                /* ignore obscure options */
+                                goto done;
+                        break;
+                }
+                off += optlen;
+                len -= optlen;
+        }
+done:
+        return 1;
+}
+static int tcf_csum_ipv6(struct sk_buff *skb, u32 update_flags)
+{
+        struct ipv6hdr *ip6h;
+        struct ipv6_opt_hdr *ip6xh;
+        unsigned int hl, ixhl;
+        unsigned int pl;
+        int ntkoff;
+        u8 nexthdr;
+        ntkoff = skb_network_offset(skb);
+        hl = sizeof(*ip6h);
+        if (!pskb_may_pull(skb, hl + ntkoff))
+                goto fail;
+        ip6h = ipv6_hdr(skb);
+        pl = ntohs(ip6h->payload_len);
+        nexthdr = ip6h->nexthdr;
+        do {
+                switch (nexthdr) {
+                case NEXTHDR_FRAGMENT:
+                        goto ignore_skb;
+                case NEXTHDR_ROUTING:
+                case NEXTHDR_HOP:
+                case NEXTHDR_DEST:
+                        if (!pskb_may_pull(skb, hl + sizeof(*ip6xh) + ntkoff))
+                                goto fail;
+                        ip6xh = (void *)(skb_network_header(skb) + hl);
+                        ixhl = ipv6_optlen(ip6xh);
+                        if (!pskb_may_pull(skb, hl + ixhl + ntkoff))
+                                goto fail;
+                        if ((nexthdr == NEXTHDR_HOP) &&
+                            !(tcf_csum_ipv6_hopopts(ip6xh, ixhl, &pl)))
+                                goto fail;
+                        nexthdr = ip6xh->nexthdr;
+                        hl += ixhl;
+                        break;
+                case IPPROTO_ICMPV6:
+                        if (update_flags & TCA_CSUM_UPDATE_FLAG_ICMP)
+                                if (!tcf_csum_ipv6_icmp(skb, ip6h,
+                                                        hl, pl + sizeof(*ip6h)))
+                                        goto fail;
+                        goto done;
+                case IPPROTO_TCP:
+                        if (update_flags & TCA_CSUM_UPDATE_FLAG_TCP)
+                                if (!tcf_csum_ipv6_tcp(skb, ip6h,
+                                                       hl, pl + sizeof(*ip6h)))
+                                        goto fail;
+                        goto done;
+                case IPPROTO_UDP:
+                        if (update_flags & TCA_CSUM_UPDATE_FLAG_UDP)
+                                if (!tcf_csum_ipv6_udp(skb, ip6h,
+                                                       hl, pl + sizeof(*ip6h), 0))
+                                        goto fail;
+                        goto done;
+                case IPPROTO_UDPLITE:
+                        if (update_flags & TCA_CSUM_UPDATE_FLAG_UDPLITE)
+                                if (!tcf_csum_ipv6_udp(skb, ip6h,
+                                                       hl, pl + sizeof(*ip6h), 1))
+                                        goto fail;
+                        goto done;
+                default:
+                        goto ignore_skb;
+                }
+        } while (pskb_may_pull(skb, hl + 1 + ntkoff));
+done:
+ignore_skb:
+        return 1;
+fail:
+        return 0;
+}
+static int tcf_csum(struct sk_buff *skb,
+                    struct tc_action *a, struct tcf_result *res)
+{
+        struct tcf_csum *p = a->priv;
+        int action;
+        u32 update_flags;
+        spin_lock(&p->tcf_lock);
+        p->tcf_tm.lastuse = jiffies;
+        p->tcf_bstats.bytes += qdisc_pkt_len(skb);
+        p->tcf_bstats.packets++;
+        action = p->tcf_action;
+        update_flags = p->update_flags;
+        spin_unlock(&p->tcf_lock);
+        if (unlikely(action == TC_ACT_SHOT))
+                goto drop;
+        switch (skb->protocol) {
+        case cpu_to_be16(ETH_P_IP):
+                if (!tcf_csum_ipv4(skb, update_flags))
+                        goto drop;
+                break;
+        case cpu_to_be16(ETH_P_IPV6):
+                if (!tcf_csum_ipv6(skb, update_flags))
+                        goto drop;
+                break;
+        }
+        return action;
+drop:
+        spin_lock(&p->tcf_lock);
+        p->tcf_qstats.drops++;
+        spin_unlock(&p->tcf_lock);
+        return TC_ACT_SHOT;
+}
+static int tcf_csum_dump(struct sk_buff *skb,
+                         struct tc_action *a, int bind, int ref)
+{
+        unsigned char *b = skb_tail_pointer(skb);
+        struct tcf_csum *p = a->priv;
+        struct tc_csum opt = {
+                .update_flags = p->update_flags,
+                .index   = p->tcf_index,
+                .action  = p->tcf_action,
+                .refcnt  = p->tcf_refcnt - ref,
+                .bindcnt = p->tcf_bindcnt - bind,
+        };
+        struct tcf_t t;
+        NLA_PUT(skb, TCA_CSUM_PARMS, sizeof(opt), &opt);
+        t.install = jiffies_to_clock_t(jiffies - p->tcf_tm.install);
+        t.lastuse = jiffies_to_clock_t(jiffies - p->tcf_tm.lastuse);
+        t.expires = jiffies_to_clock_t(p->tcf_tm.expires);
+        NLA_PUT(skb, TCA_CSUM_TM, sizeof(t), &t);
+        return skb->len;
+nla_put_failure:
+        nlmsg_trim(skb, b);
+        return -1;
+}
+static struct tc_action_ops act_csum_ops = {
+        .kind           =       "csum",
+        .hinfo          =       &csum_hash_info,
+        .type           =       TCA_ACT_CSUM,
+        .capab          =       TCA_CAP_NONE,
+        .owner          =       THIS_MODULE,
+        .act            =       tcf_csum,
+        .dump           =       tcf_csum_dump,
+        .cleanup        =       tcf_csum_cleanup,
+        .lookup         =       tcf_hash_search,
+        .init           =       tcf_csum_init,
+        .walk           =       tcf_generic_walker
+};
+MODULE_DESCRIPTION("Checksum updating actions");
+MODULE_LICENSE("GPL");
+static int __init csum_init_module(void)
+{
+        return tcf_register_action(&act_csum_ops);
+}
+static void __exit csum_cleanup_module(void)
+{
+        tcf_unregister_action(&act_csum_ops);
+}
+module_init(csum_init_module);
+module_exit(csum_cleanup_module);

diff --git a/include/linux/tc_act/Kbuild b/include/linux/tc_act/Kbuild index 76990937f4c9..67b501c302b2 100644 --- a/include/linux/tc_act/Kbuild +++ b/include/linux/tc_act/Kbuild
@@ -4,3 +4,4 @@ header-y += tc_mirred.h
4	header-y += tc_pedit.h	4	header-y += tc_pedit.h
5	header-y += tc_nat.h	5	header-y += tc_nat.h
6	header-y += tc_skbedit.h	6	header-y += tc_skbedit.h
		7	header-y += tc_csum.h


diff --git a/include/linux/tc_act/tc_csum.h b/include/linux/tc_act/tc_csum.h new file mode 100644 index 000000000000..a047c49a3153 --- /dev/null +++ b/include/linux/tc_act/tc_csum.h
@@ -0,0 +1,32 @@
		1	#ifndef __LINUX_TC_CSUM_H
		2	#define __LINUX_TC_CSUM_H
		3
		4	#include <linux/types.h>
		5	#include <linux/pkt_cls.h>
		6
		7	#define TCA_ACT_CSUM 16
		8
		9	enum {
		10	TCA_CSUM_UNSPEC,
		11	TCA_CSUM_PARMS,
		12	TCA_CSUM_TM,
		13	__TCA_CSUM_MAX
		14	};
		15	#define TCA_CSUM_MAX (__TCA_CSUM_MAX - 1)
		16
		17	enum {
		18	TCA_CSUM_UPDATE_FLAG_IPV4HDR = 1,
		19	TCA_CSUM_UPDATE_FLAG_ICMP = 2,
		20	TCA_CSUM_UPDATE_FLAG_IGMP = 4,
		21	TCA_CSUM_UPDATE_FLAG_TCP = 8,
		22	TCA_CSUM_UPDATE_FLAG_UDP = 16,
		23	TCA_CSUM_UPDATE_FLAG_UDPLITE = 32
		24	};
		25
		26	struct tc_csum {
		27	tc_gen;
		28
		29	__u32 update_flags;
		30	};
		31
		32	#endif /* __LINUX_TC_CSUM_H */


diff --git a/include/net/tc_act/tc_csum.h b/include/net/tc_act/tc_csum.h new file mode 100644 index 000000000000..9e8710be7a04 --- /dev/null +++ b/include/net/tc_act/tc_csum.h
@@ -0,0 +1,15 @@
		1	#ifndef __NET_TC_CSUM_H
		2	#define __NET_TC_CSUM_H
		3
		4	#include <linux/types.h>
		5	#include <net/act_api.h>
		6
		7	struct tcf_csum {
		8	struct tcf_common common;
		9
		10	u32 update_flags;
		11	};
		12	#define to_tcf_csum(pc) \
		13	container_of(pc,struct tcf_csum,common)
		14
		15	#endif /* __NET_TC_CSUM_H */


diff --git a/net/sched/Kconfig b/net/sched/Kconfig index 2f691fb180d1..522d5a9a2825 100644 --- a/net/sched/Kconfig +++ b/net/sched/Kconfig
@@ -518,6 +518,16 @@ config NET_ACT_SKBEDIT
518	To compile this code as a module, choose M here: the	518	To compile this code as a module, choose M here: the
519	module will be called act_skbedit.	519	module will be called act_skbedit.
520		520
		521	config NET_ACT_CSUM
		522	tristate "Checksum Updating"
		523	depends on NET_CLS_ACT
		524	---help---
		525	Say Y here to update some common checksum after some direct
		526	packet alterations.
		527
		528	To compile this code as a module, choose M here: the
		529	module will be called act_csum.
		530
521	config NET_CLS_IND	531	config NET_CLS_IND
522	bool "Incoming device classification"	532	bool "Incoming device classification"
523	depends on NET_CLS_U32 \|\| NET_CLS_FW	533	depends on NET_CLS_U32 \|\| NET_CLS_FW


diff --git a/net/sched/Makefile b/net/sched/Makefile index f14e71bfa58f..960f5dba6304 100644 --- a/net/sched/Makefile +++ b/net/sched/Makefile
@@ -15,6 +15,7 @@ obj-$(CONFIG_NET_ACT_NAT) += act_nat.o
15	obj-$(CONFIG_NET_ACT_PEDIT) += act_pedit.o	15	obj-$(CONFIG_NET_ACT_PEDIT) += act_pedit.o
16	obj-$(CONFIG_NET_ACT_SIMP) += act_simple.o	16	obj-$(CONFIG_NET_ACT_SIMP) += act_simple.o
17	obj-$(CONFIG_NET_ACT_SKBEDIT) += act_skbedit.o	17	obj-$(CONFIG_NET_ACT_SKBEDIT) += act_skbedit.o
		18	obj-$(CONFIG_NET_ACT_CSUM) += act_csum.o
18	obj-$(CONFIG_NET_SCH_FIFO) += sch_fifo.o	19	obj-$(CONFIG_NET_SCH_FIFO) += sch_fifo.o
19	obj-$(CONFIG_NET_SCH_CBQ) += sch_cbq.o	20	obj-$(CONFIG_NET_SCH_CBQ) += sch_cbq.o
20	obj-$(CONFIG_NET_SCH_HTB) += sch_htb.o	21	obj-$(CONFIG_NET_SCH_HTB) += sch_htb.o


diff --git a/net/sched/act_csum.c b/net/sched/act_csum.c new file mode 100644 index 000000000000..58d7f36949da --- /dev/null +++ b/net/sched/act_csum.c
@@ -0,0 +1,595 @@
		1	/*
		2	* Checksum updating actions
		3	*
		4	* Copyright (c) 2010 Gregoire Baron <baronchon@n7mm.org>
		5	*
		6	* This program is free software; you can redistribute it and/or modify it
		7	* under the terms of the GNU General Public License as published by the Free
		8	* Software Foundation; either version 2 of the License, or (at your option)
		9	* any later version.
		10	*
		11	*/
		12
		13	#include <linux/types.h>
		14	#include <linux/init.h>
		15	#include <linux/kernel.h>
		16	#include <linux/module.h>
		17	#include <linux/spinlock.h>
		18
		19	#include <linux/netlink.h>
		20	#include <net/netlink.h>
		21	#include <linux/rtnetlink.h>
		22
		23	#include <linux/skbuff.h>
		24
		25	#include <net/ip.h>
		26	#include <net/ipv6.h>
		27	#include <net/icmp.h>
		28	#include <linux/icmpv6.h>
		29	#include <linux/igmp.h>
		30	#include <net/tcp.h>
		31	#include <net/udp.h>
		32
		33	#include <net/act_api.h>
		34
		35	#include <linux/tc_act/tc_csum.h>
		36	#include <net/tc_act/tc_csum.h>
		37
		38	#define CSUM_TAB_MASK 15
		39	static struct tcf_common *tcf_csum_ht[CSUM_TAB_MASK + 1];
		40	static u32 csum_idx_gen;
		41	static DEFINE_RWLOCK(csum_lock);
		42
		43	static struct tcf_hashinfo csum_hash_info = {
		44	.htab = tcf_csum_ht,
		45	.hmask = CSUM_TAB_MASK,
		46	.lock = &csum_lock,
		47	};
		48
		49	static const struct nla_policy csum_policy[TCA_CSUM_MAX + 1] = {
		50	[TCA_CSUM_PARMS] = { .len = sizeof(struct tc_csum), },
		51	};
		52
		53	static int tcf_csum_init(struct nlattr nla, struct nlattr est,
		54	struct tc_action *a, int ovr, int bind)
		55	{
		56	struct nlattr *tb[TCA_CSUM_MAX + 1];
		57	struct tc_csum *parm;
		58	struct tcf_common *pc;
		59	struct tcf_csum *p;
		60	int ret = 0, err;
		61
		62	if (nla == NULL)
		63	return -EINVAL;
		64
		65	err = nla_parse_nested(tb, TCA_CSUM_MAX, nla,csum_policy);
		66	if (err < 0)
		67	return err;
		68
		69	if (tb[TCA_CSUM_PARMS] == NULL)
		70	return -EINVAL;
		71	parm = nla_data(tb[TCA_CSUM_PARMS]);
		72
		73	pc = tcf_hash_check(parm->index, a, bind, &csum_hash_info);
		74	if (!pc) {
		75	pc = tcf_hash_create(parm->index, est, a, sizeof(*p), bind, &csum_idx_gen, &csum_hash_info);
		76	if (IS_ERR(pc))
		77	return PTR_ERR(pc);
		78	p = to_tcf_csum(pc);
		79	ret = ACT_P_CREATED;
		80	} else {
		81	p = to_tcf_csum(pc);
		82	if (!ovr) {
		83	tcf_hash_release(pc, bind, &csum_hash_info);
		84	return -EEXIST;
		85	}
		86	}
		87
		88	spin_lock_bh(&p->tcf_lock);
		89	p->tcf_action = parm->action;
		90	p->update_flags = parm->update_flags;
		91	spin_unlock_bh(&p->tcf_lock);
		92
		93	if (ret == ACT_P_CREATED)
		94	tcf_hash_insert(pc, &csum_hash_info);
		95
		96	return ret;
		97	}
		98
		99	static int tcf_csum_cleanup(struct tc_action *a, int bind)
		100	{
		101	struct tcf_csum *p = a->priv;
		102	return tcf_hash_release(&p->common, bind, &csum_hash_info);
		103	}
		104
		105	/**
		106	* tcf_csum_skb_nextlayer - Get next layer pointer
		107	* @skb: sk_buff to use
		108	* @ihl: previous summed headers length
		109	* @ipl: complete packet length
		110	* @jhl: next header length
		111	*
		112	* Check the expected next layer availability in the specified sk_buff.
		113	* Return the next layer pointer if pass, NULL otherwise.
		114	*/
		115	static void tcf_csum_skb_nextlayer(struct sk_buff skb,
		116	unsigned int ihl, unsigned int ipl,
		117	unsigned int jhl)
		118	{
		119	int ntkoff = skb_network_offset(skb);
		120	int hl = ihl + jhl;
		121
		122	if (!pskb_may_pull(skb, ipl + ntkoff) \|\| (ipl < hl) \|\|
		123	(skb_cloned(skb) &&
		124	!skb_clone_writable(skb, hl + ntkoff) &&
		125	pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))
		126	return NULL;
		127	else
		128	return (void *)(skb_network_header(skb) + ihl);
		129	}
		130
		131	static int tcf_csum_ipv4_icmp(struct sk_buff *skb,
		132	unsigned int ihl, unsigned int ipl)
		133	{
		134	struct icmphdr *icmph;
		135
		136	icmph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*icmph));
		137	if (icmph == NULL)
		138	return 0;
		139
		140	icmph->checksum = 0;
		141	skb->csum = csum_partial(icmph, ipl - ihl, 0);
		142	icmph->checksum = csum_fold(skb->csum);
		143
		144	skb->ip_summed = CHECKSUM_NONE;
		145
		146	return 1;
		147	}
		148
		149	static int tcf_csum_ipv4_igmp(struct sk_buff *skb,
		150	unsigned int ihl, unsigned int ipl)
		151	{
		152	struct igmphdr *igmph;
		153
		154	igmph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*igmph));
		155	if (igmph == NULL)
		156	return 0;
		157
		158	igmph->csum = 0;
		159	skb->csum = csum_partial(igmph, ipl - ihl, 0);
		160	igmph->csum = csum_fold(skb->csum);
		161
		162	skb->ip_summed = CHECKSUM_NONE;
		163
		164	return 1;
		165	}
		166
		167	static int tcf_csum_ipv6_icmp(struct sk_buff skb, struct ipv6hdr ip6h,
		168	unsigned int ihl, unsigned int ipl)
		169	{
		170	struct icmp6hdr *icmp6h;
		171
		172	icmp6h = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*icmp6h));
		173	if (icmp6h == NULL)
		174	return 0;
		175
		176	icmp6h->icmp6_cksum = 0;
		177	skb->csum = csum_partial(icmp6h, ipl - ihl, 0);
		178	icmp6h->icmp6_cksum = csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
		179	ipl - ihl, IPPROTO_ICMPV6,
		180	skb->csum);
		181
		182	skb->ip_summed = CHECKSUM_NONE;
		183
		184	return 1;
		185	}
		186
		187	static int tcf_csum_ipv4_tcp(struct sk_buff skb, struct iphdr iph,
		188	unsigned int ihl, unsigned int ipl)
		189	{
		190	struct tcphdr *tcph;
		191
		192	tcph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*tcph));
		193	if (tcph == NULL)
		194	return 0;
		195
		196	tcph->check = 0;
		197	skb->csum = csum_partial(tcph, ipl - ihl, 0);
		198	tcph->check = tcp_v4_check(ipl - ihl,
		199	iph->saddr, iph->daddr, skb->csum);
		200
		201	skb->ip_summed = CHECKSUM_NONE;
		202
		203	return 1;
		204	}
		205
		206	static int tcf_csum_ipv6_tcp(struct sk_buff skb, struct ipv6hdr ip6h,
		207	unsigned int ihl, unsigned int ipl)
		208	{
		209	struct tcphdr *tcph;
		210
		211	tcph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*tcph));
		212	if (tcph == NULL)
		213	return 0;
		214
		215	tcph->check = 0;
		216	skb->csum = csum_partial(tcph, ipl - ihl, 0);
		217	tcph->check = csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
		218	ipl - ihl, IPPROTO_TCP,
		219	skb->csum);
		220
		221	skb->ip_summed = CHECKSUM_NONE;
		222
		223	return 1;
		224	}
		225
		226	static int tcf_csum_ipv4_udp(struct sk_buff skb, struct iphdr iph,
		227	unsigned int ihl, unsigned int ipl, int udplite)
		228	{
		229	struct udphdr *udph;
		230	u16 ul;
		231
		232	/* Support both UDP and UDPLITE checksum algorithms,
		233	* Don't use udph->len to get the real length without any protocol check,
		234	* UDPLITE uses udph->len for another thing,
		235	* Use iph->tot_len, or just ipl.
		236	*/
		237
		238	udph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*udph));
		239	if (udph == NULL)
		240	return 0;
		241
		242	ul = ntohs(udph->len);
		243
		244	if (udplite \|\| udph->check) {
		245
		246	udph->check = 0;
		247
		248	if (udplite) {
		249	if (ul == 0)
		250	skb->csum = csum_partial(udph, ipl - ihl, 0);
		251
		252	else if ((ul >= sizeof(*udph)) && (ul <= ipl - ihl))
		253	skb->csum = csum_partial(udph, ul, 0);
		254
		255	else
		256	goto ignore_obscure_skb;
		257	} else {
		258	if (ul != ipl - ihl)
		259	goto ignore_obscure_skb;
		260
		261	skb->csum = csum_partial(udph, ul, 0);
		262	}
		263
		264	udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr,
		265	ul, iph->protocol,
		266	skb->csum);
		267
		268	if (!udph->check)
		269	udph->check = CSUM_MANGLED_0;
		270	}
		271
		272	skb->ip_summed = CHECKSUM_NONE;
		273
		274	ignore_obscure_skb:
		275	return 1;
		276	}
		277
		278	static int tcf_csum_ipv6_udp(struct sk_buff skb, struct ipv6hdr ip6h,
		279	unsigned int ihl, unsigned int ipl, int udplite)
		280	{
		281	struct udphdr *udph;
		282	u16 ul;
		283
		284	/* Support both UDP and UDPLITE checksum algorithms,
		285	* Don't use udph->len to get the real length without any protocol check,
		286	* UDPLITE uses udph->len for another thing,
		287	* Use ip6h->payload_len + sizeof(*ip6h) ... , or just ipl.
		288	*/
		289
		290	udph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*udph));
		291	if (udph == NULL)
		292	return 0;
		293
		294	ul = ntohs(udph->len);
		295
		296	udph->check = 0;
		297
		298	if (udplite) {
		299	if (ul == 0)
		300	skb->csum = csum_partial(udph, ipl - ihl, 0);
		301
		302	else if ((ul >= sizeof(*udph)) && (ul <= ipl - ihl))
		303	skb->csum = csum_partial(udph, ul, 0);
		304
		305	else
		306	goto ignore_obscure_skb;
		307	} else {
		308	if (ul != ipl - ihl)
		309	goto ignore_obscure_skb;
		310
		311	skb->csum = csum_partial(udph, ul, 0);
		312	}
		313
		314	udph->check = csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr, ul,
		315	udplite ? IPPROTO_UDPLITE : IPPROTO_UDP,
		316	skb->csum);
		317
		318	if (!udph->check)
		319	udph->check = CSUM_MANGLED_0;
		320
		321	skb->ip_summed = CHECKSUM_NONE;
		322
		323	ignore_obscure_skb:
		324	return 1;
		325	}
		326
		327	static int tcf_csum_ipv4(struct sk_buff *skb, u32 update_flags)
		328	{
		329	struct iphdr *iph;
		330	int ntkoff;
		331
		332	ntkoff = skb_network_offset(skb);
		333
		334	if (!pskb_may_pull(skb, sizeof(*iph) + ntkoff))
		335	goto fail;
		336
		337	iph = ip_hdr(skb);
		338
		339	switch (iph->frag_off & htons(IP_OFFSET) ? 0 : iph->protocol) {
		340	case IPPROTO_ICMP:
		341	if (update_flags & TCA_CSUM_UPDATE_FLAG_ICMP)
		342	if (!tcf_csum_ipv4_icmp(skb,
		343	iph->ihl * 4, ntohs(iph->tot_len)))
		344	goto fail;
		345	break;
		346	case IPPROTO_IGMP:
		347	if (update_flags & TCA_CSUM_UPDATE_FLAG_IGMP)
		348	if (!tcf_csum_ipv4_igmp(skb,
		349	iph->ihl * 4, ntohs(iph->tot_len)))
		350	goto fail;
		351	break;
		352	case IPPROTO_TCP:
		353	if (update_flags & TCA_CSUM_UPDATE_FLAG_TCP)
		354	if (!tcf_csum_ipv4_tcp(skb, iph,
		355	iph->ihl * 4, ntohs(iph->tot_len)))
		356	goto fail;
		357	break;
		358	case IPPROTO_UDP:
		359	if (update_flags & TCA_CSUM_UPDATE_FLAG_UDP)
		360	if (!tcf_csum_ipv4_udp(skb, iph,
		361	iph->ihl * 4, ntohs(iph->tot_len), 0))
		362	goto fail;
		363	break;
		364	case IPPROTO_UDPLITE:
		365	if (update_flags & TCA_CSUM_UPDATE_FLAG_UDPLITE)
		366	if (!tcf_csum_ipv4_udp(skb, iph,
		367	iph->ihl * 4, ntohs(iph->tot_len), 1))
		368	goto fail;
		369	break;
		370	}
		371
		372	if (update_flags & TCA_CSUM_UPDATE_FLAG_IPV4HDR) {
		373	if (skb_cloned(skb) &&
		374	!skb_clone_writable(skb, sizeof(*iph) + ntkoff) &&
		375	pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
		376	goto fail;
		377
		378	ip_send_check(iph);
		379	}
		380
		381	return 1;
		382
		383	fail:
		384	return 0;
		385	}
		386
		387	static int tcf_csum_ipv6_hopopts(struct ipv6_opt_hdr *ip6xh,
		388	unsigned int ixhl, unsigned int *pl)
		389	{
		390	int off, len, optlen;
		391	unsigned char xh = (void )ip6xh;
		392
		393	off = sizeof(*ip6xh);
		394	len = ixhl - off;
		395
		396	while (len > 1) {
		397	switch (xh[off])
		398	{
		399	case IPV6_TLV_PAD0:
		400	optlen = 1;
		401	break;
		402	case IPV6_TLV_JUMBO:
		403	optlen = xh[off + 1] + 2;
		404	if (optlen != 6 \|\| len < 6 \|\| (off & 3) != 2)
		405	/* wrong jumbo option length/alignment */
		406	return 0;
		407	pl = ntohl((__be32 *)(xh + off + 2));
		408	goto done;
		409	default:
		410	optlen = xh[off + 1] + 2;
		411	if (optlen > len)
		412	/* ignore obscure options */
		413	goto done;
		414	break;
		415	}
		416	off += optlen;
		417	len -= optlen;
		418	}
		419
		420	done:
		421	return 1;
		422	}
		423
		424	static int tcf_csum_ipv6(struct sk_buff *skb, u32 update_flags)
		425	{
		426	struct ipv6hdr *ip6h;
		427	struct ipv6_opt_hdr *ip6xh;
		428	unsigned int hl, ixhl;
		429	unsigned int pl;
		430	int ntkoff;
		431	u8 nexthdr;
		432
		433	ntkoff = skb_network_offset(skb);
		434
		435	hl = sizeof(*ip6h);
		436
		437	if (!pskb_may_pull(skb, hl + ntkoff))
		438	goto fail;
		439
		440	ip6h = ipv6_hdr(skb);
		441
		442	pl = ntohs(ip6h->payload_len);
		443	nexthdr = ip6h->nexthdr;
		444
		445	do {
		446	switch (nexthdr) {
		447	case NEXTHDR_FRAGMENT:
		448	goto ignore_skb;
		449	case NEXTHDR_ROUTING:
		450	case NEXTHDR_HOP:
		451	case NEXTHDR_DEST:
		452	if (!pskb_may_pull(skb, hl + sizeof(*ip6xh) + ntkoff))
		453	goto fail;
		454	ip6xh = (void *)(skb_network_header(skb) + hl);
		455	ixhl = ipv6_optlen(ip6xh);
		456	if (!pskb_may_pull(skb, hl + ixhl + ntkoff))
		457	goto fail;
		458	if ((nexthdr == NEXTHDR_HOP) &&
		459	!(tcf_csum_ipv6_hopopts(ip6xh, ixhl, &pl)))
		460	goto fail;
		461	nexthdr = ip6xh->nexthdr;
		462	hl += ixhl;
		463	break;
		464	case IPPROTO_ICMPV6:
		465	if (update_flags & TCA_CSUM_UPDATE_FLAG_ICMP)
		466	if (!tcf_csum_ipv6_icmp(skb, ip6h,
		467	hl, pl + sizeof(*ip6h)))
		468	goto fail;
		469	goto done;
		470	case IPPROTO_TCP:
		471	if (update_flags & TCA_CSUM_UPDATE_FLAG_TCP)
		472	if (!tcf_csum_ipv6_tcp(skb, ip6h,
		473	hl, pl + sizeof(*ip6h)))
		474	goto fail;
		475	goto done;
		476	case IPPROTO_UDP:
		477	if (update_flags & TCA_CSUM_UPDATE_FLAG_UDP)
		478	if (!tcf_csum_ipv6_udp(skb, ip6h,
		479	hl, pl + sizeof(*ip6h), 0))
		480	goto fail;
		481	goto done;
		482	case IPPROTO_UDPLITE:
		483	if (update_flags & TCA_CSUM_UPDATE_FLAG_UDPLITE)
		484	if (!tcf_csum_ipv6_udp(skb, ip6h,
		485	hl, pl + sizeof(*ip6h), 1))
		486	goto fail;
		487	goto done;
		488	default:
		489	goto ignore_skb;
		490	}
		491	} while (pskb_may_pull(skb, hl + 1 + ntkoff));
		492
		493	done:
		494	ignore_skb:
		495	return 1;
		496
		497	fail:
		498	return 0;
		499	}
		500
		501	static int tcf_csum(struct sk_buff *skb,
		502	struct tc_action a, struct tcf_result res)
		503	{
		504	struct tcf_csum *p = a->priv;
		505	int action;
		506	u32 update_flags;
		507
		508	spin_lock(&p->tcf_lock);
		509	p->tcf_tm.lastuse = jiffies;
		510	p->tcf_bstats.bytes += qdisc_pkt_len(skb);
		511	p->tcf_bstats.packets++;
		512	action = p->tcf_action;
		513	update_flags = p->update_flags;
		514	spin_unlock(&p->tcf_lock);
		515
		516	if (unlikely(action == TC_ACT_SHOT))
		517	goto drop;
		518
		519	switch (skb->protocol) {
		520	case cpu_to_be16(ETH_P_IP):
		521	if (!tcf_csum_ipv4(skb, update_flags))
		522	goto drop;
		523	break;
		524	case cpu_to_be16(ETH_P_IPV6):
		525	if (!tcf_csum_ipv6(skb, update_flags))
		526	goto drop;
		527	break;
		528	}
		529
		530	return action;
		531
		532	drop:
		533	spin_lock(&p->tcf_lock);
		534	p->tcf_qstats.drops++;
		535	spin_unlock(&p->tcf_lock);
		536	return TC_ACT_SHOT;
		537	}
		538
		539	static int tcf_csum_dump(struct sk_buff *skb,
		540	struct tc_action *a, int bind, int ref)
		541	{
		542	unsigned char *b = skb_tail_pointer(skb);
		543	struct tcf_csum *p = a->priv;
		544	struct tc_csum opt = {
		545	.update_flags = p->update_flags,
		546
		547	.index = p->tcf_index,
		548	.action = p->tcf_action,
		549	.refcnt = p->tcf_refcnt - ref,
		550	.bindcnt = p->tcf_bindcnt - bind,
		551	};
		552	struct tcf_t t;
		553
		554	NLA_PUT(skb, TCA_CSUM_PARMS, sizeof(opt), &opt);
		555	t.install = jiffies_to_clock_t(jiffies - p->tcf_tm.install);
		556	t.lastuse = jiffies_to_clock_t(jiffies - p->tcf_tm.lastuse);
		557	t.expires = jiffies_to_clock_t(p->tcf_tm.expires);
		558	NLA_PUT(skb, TCA_CSUM_TM, sizeof(t), &t);
		559
		560	return skb->len;
		561
		562	nla_put_failure:
		563	nlmsg_trim(skb, b);
		564	return -1;
		565	}
		566
		567	static struct tc_action_ops act_csum_ops = {
		568	.kind = "csum",
		569	.hinfo = &csum_hash_info,
		570	.type = TCA_ACT_CSUM,
		571	.capab = TCA_CAP_NONE,
		572	.owner = THIS_MODULE,
		573	.act = tcf_csum,
		574	.dump = tcf_csum_dump,
		575	.cleanup = tcf_csum_cleanup,
		576	.lookup = tcf_hash_search,
		577	.init = tcf_csum_init,
		578	.walk = tcf_generic_walker
		579	};
		580
		581	MODULE_DESCRIPTION("Checksum updating actions");
		582	MODULE_LICENSE("GPL");
		583
		584	static int __init csum_init_module(void)
		585	{
		586	return tcf_register_action(&act_csum_ops);
		587	}
		588
		589	static void __exit csum_cleanup_module(void)
		590	{
		591	tcf_unregister_action(&act_csum_ops);
		592	}
		593
		594	module_init(csum_init_module);
		595	module_exit(csum_cleanup_module);