Home Explore Help
Sign In
ldpinney
/
GnuBee-libreCMC
forked from libreCMC/libreCMC
2
0
Fork 2
Files
Tree: a757ef22ba
Branches Tags
GnuBee-libreCMC
/
target
/
linux
/
generic
/
backport-4.14
/
305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch

305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch 6.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204 
  1. From: Pablo Neira Ayuso <pablo@netfilter.org>
    2. 

  2. Date: Wed, 20 Dec 2017 16:04:18 +0100
    3. 

  3. Subject: [PATCH] netfilter: move checksum_partial indirection to struct
    4. 

  4.  nf_ipv6_ops
    5. 

  5. 

  6. We cannot make a direct call to nf_ip6_checksum_partial() because that
    7. 

  7. would result in autoloading the 'ipv6' module because of symbol
    8. 

  8. dependencies.  Therefore, define checksum_partial indirection in
    9. 

  9. nf_ipv6_ops where this really belongs to.
    10. 

  10. 

  11. For IPv4, we can indeed make a direct function call, which is faster,
    12. 

  12. given IPv4 is built-in in the networking code by default. Still,
    13. 

  13. CONFIG_INET=n and CONFIG_NETFILTER=y is possible, so define empty inline
    14. 

  14. stub for IPv4 in such case.
    15. 

  15. 

  16. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    17. 

  17. ---
    18. 

  18. 

  19. --- a/include/linux/netfilter.h
    20. 

  20. +++ b/include/linux/netfilter.h
    21. 

  21. @@ -311,11 +311,6 @@ struct nf_queue_entry;
    22. 

  22.  
    23. 

  23.  struct nf_afinfo {
    24. 

  24.  	unsigned short	family;
    25. 

  25. -	__sum16		(*checksum_partial)(struct sk_buff *skb,
    26. 

  26. -					    unsigned int hook,
    27. 

  27. -					    unsigned int dataoff,
    28. 

  28. -					    unsigned int len,
    29. 

  29. -					    u_int8_t protocol);
    30. 

  30.  	int		(*route)(struct net *net, struct dst_entry **dst,
    31. 

  31.  				 struct flowi *fl, bool strict);
    32. 

  32.  	void		(*saveroute)(const struct sk_buff *skb,
    33. 

  33. @@ -335,22 +330,9 @@ __sum16 nf_checksum(struct sk_buff *skb,
    34. 

  34.  		    unsigned int dataoff, u_int8_t protocol,
    35. 

  35.  		    unsigned short family);
    36. 

  36.  
    37. 

  37. -static inline __sum16
    38. 

  38. -nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
    39. 

  39. -		    unsigned int dataoff, unsigned int len,
    40. 

  40. -		    u_int8_t protocol, unsigned short family)
    41. 

  41. -{
    42. 

  42. -	const struct nf_afinfo *afinfo;
    43. 

  43. -	__sum16 csum = 0;
    44. 

  44. -
    45. 

  45. -	rcu_read_lock();
    46. 

  46. -	afinfo = nf_get_afinfo(family);
    47. 

  47. -	if (afinfo)
    48. 

  48. -		csum = afinfo->checksum_partial(skb, hook, dataoff, len,
    49. 

  49. -						protocol);
    50. 

  50. -	rcu_read_unlock();
    51. 

  51. -	return csum;
    52. 

  52. -}
    53. 

  53. +__sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
    54. 

  54. +			    unsigned int dataoff, unsigned int len,
    55. 

  55. +			    u_int8_t protocol, unsigned short family);
    56. 

  56.  
    57. 

  57.  int nf_register_afinfo(const struct nf_afinfo *afinfo);
    58. 

  58.  void nf_unregister_afinfo(const struct nf_afinfo *afinfo);
    59. 

  59. --- a/include/linux/netfilter_ipv4.h
    60. 

  60. +++ b/include/linux/netfilter_ipv4.h
    61. 

  61. @@ -11,12 +11,23 @@ int ip_route_me_harder(struct net *net,
    62. 

  62.  #ifdef CONFIG_INET
    63. 

  63.  __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
    64. 

  64.  		       unsigned int dataoff, u_int8_t protocol);
    65. 

  65. +__sum16 nf_ip_checksum_partial(struct sk_buff *skb, unsigned int hook,
    66. 

  66. +			       unsigned int dataoff, unsigned int len,
    67. 

  67. +			       u_int8_t protocol);
    68. 

  68.  #else
    69. 

  69.  static inline __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
    70. 

  70.  				     unsigned int dataoff, u_int8_t protocol)
    71. 

  71.  {
    72. 

  72.  	return 0;
    73. 

  73.  }
    74. 

  74. +static inline __sum16 nf_ip_checksum_partial(struct sk_buff *skb,
    75. 

  75. +					     unsigned int hook,
    76. 

  76. +					     unsigned int dataoff,
    77. 

  77. +					     unsigned int len,
    78. 

  78. +					     u_int8_t protocol)
    79. 

  79. +{
    80. 

  80. +	return 0;
    81. 

  81. +}
    82. 

  82.  #endif /* CONFIG_INET */
    83. 

  83.  
    84. 

  84.  #endif /*__LINUX_IP_NETFILTER_H*/
    85. 

  85. --- a/include/linux/netfilter_ipv6.h
    86. 

  86. +++ b/include/linux/netfilter_ipv6.h
    87. 

  87. @@ -21,6 +21,9 @@ struct nf_ipv6_ops {
    88. 

  88.  			int (*output)(struct net *, struct sock *, struct sk_buff *));
    89. 

  89.  	__sum16 (*checksum)(struct sk_buff *skb, unsigned int hook,
    90. 

  90.  			    unsigned int dataoff, u_int8_t protocol);
    91. 

  91. +	__sum16 (*checksum_partial)(struct sk_buff *skb, unsigned int hook,
    92. 

  92. +				    unsigned int dataoff, unsigned int len,
    93. 

  93. +				    u_int8_t protocol);
    94. 

  94.  };
    95. 

  95.  
    96. 

  96.  #ifdef CONFIG_NETFILTER
    97. 

  97. --- a/net/bridge/netfilter/nf_tables_bridge.c
    98. 

  98. +++ b/net/bridge/netfilter/nf_tables_bridge.c
    99. 

  99. @@ -106,13 +106,6 @@ static int nf_br_reroute(struct net *net
    100. 

  100.  	return 0;
    101. 

  101.  }
    102. 

  102.  
    103. 

  103. -static __sum16 nf_br_checksum_partial(struct sk_buff *skb, unsigned int hook,
    104. 

  104. -				      unsigned int dataoff, unsigned int len,
    105. 

  105. -				      u_int8_t protocol)
    106. 

  106. -{
    107. 

  107. -	return 0;
    108. 

  108. -}
    109. 

  109. -
    110. 

  110.  static int nf_br_route(struct net *net, struct dst_entry **dst,
    111. 

  111.  		       struct flowi *fl, bool strict __always_unused)
    112. 

  112.  {
    113. 

  113. @@ -121,7 +114,6 @@ static int nf_br_route(struct net *net,
    114. 

  114.  
    115. 

  115.  static const struct nf_afinfo nf_br_afinfo = {
    116. 

  116.  	.family                 = AF_BRIDGE,
    117. 

  117. -	.checksum_partial       = nf_br_checksum_partial,
    118. 

  118.  	.route                  = nf_br_route,
    119. 

  119.  	.saveroute              = nf_br_saveroute,
    120. 

  120.  	.reroute                = nf_br_reroute,
    121. 

  121. --- a/net/ipv4/netfilter.c
    122. 

  122. +++ b/net/ipv4/netfilter.c
    123. 

  123. @@ -155,9 +155,9 @@ __sum16 nf_ip_checksum(struct sk_buff *s
    124. 

  124.  }
    125. 

  125.  EXPORT_SYMBOL(nf_ip_checksum);
    126. 

  126.  
    127. 

  127. -static __sum16 nf_ip_checksum_partial(struct sk_buff *skb, unsigned int hook,
    128. 

  128. -				      unsigned int dataoff, unsigned int len,
    129. 

  129. -				      u_int8_t protocol)
    130. 

  130. +__sum16 nf_ip_checksum_partial(struct sk_buff *skb, unsigned int hook,
    131. 

  131. +			       unsigned int dataoff, unsigned int len,
    132. 

  132. +			       u_int8_t protocol)
    133. 

  133.  {
    134. 

  134.  	const struct iphdr *iph = ip_hdr(skb);
    135. 

  135.  	__sum16 csum = 0;
    136. 

  136. @@ -175,6 +175,7 @@ static __sum16 nf_ip_checksum_partial(st
    137. 

  137.  	}
    138. 

  138.  	return csum;
    139. 

  139.  }
    140. 

  140. +EXPORT_SYMBOL_GPL(nf_ip_checksum_partial);
    141. 

  141.  
    142. 

  142.  static int nf_ip_route(struct net *net, struct dst_entry **dst,
    143. 

  143.  		       struct flowi *fl, bool strict __always_unused)
    144. 

  144. @@ -188,7 +189,6 @@ static int nf_ip_route(struct net *net,
    145. 

  145.  
    146. 

  146.  static const struct nf_afinfo nf_ip_afinfo = {
    147. 

  147.  	.family			= AF_INET,
    148. 

  148. -	.checksum_partial	= nf_ip_checksum_partial,
    149. 

  149.  	.route			= nf_ip_route,
    150. 

  150.  	.saveroute		= nf_ip_saveroute,
    151. 

  151.  	.reroute		= nf_ip_reroute,
    152. 

  152. --- a/net/ipv6/netfilter.c
    153. 

  153. +++ b/net/ipv6/netfilter.c
    154. 

  154. @@ -194,15 +194,15 @@ static __sum16 nf_ip6_checksum_partial(s
    155. 

  155.  };
    156. 

  156.  
    157. 

  157.  static const struct nf_ipv6_ops ipv6ops = {
    158. 

  158. -	.chk_addr	= ipv6_chk_addr,
    159. 

  159. -	.route_input    = ip6_route_input,
    160. 

  160. -	.fragment	= ip6_fragment,
    161. 

  161. -	.checksum	= nf_ip6_checksum,
    162. 

  162. +	.chk_addr		= ipv6_chk_addr,
    163. 

  163. +	.route_input    	= ip6_route_input,
    164. 

  164. +	.fragment		= ip6_fragment,
    165. 

  165. +	.checksum		= nf_ip6_checksum,
    166. 

  166. +	.checksum_partial	= nf_ip6_checksum_partial,
    167. 

  167.  };
    168. 

  168.  
    169. 

  169.  static const struct nf_afinfo nf_ip6_afinfo = {
    170. 

  170.  	.family			= AF_INET6,
    171. 

  171. -	.checksum_partial	= nf_ip6_checksum_partial,
    172. 

  172.  	.route			= nf_ip6_route,
    173. 

  173.  	.saveroute		= nf_ip6_saveroute,
    174. 

  174.  	.reroute		= nf_ip6_reroute,
    175. 

  175. --- a/net/netfilter/utils.c
    176. 

  176. +++ b/net/netfilter/utils.c
    177. 

  177. @@ -24,3 +24,27 @@ __sum16 nf_checksum(struct sk_buff *skb,
    178. 

  178.  	return csum;
    179. 

  179.  }
    180. 

  180.  EXPORT_SYMBOL_GPL(nf_checksum);
    181. 

  181. +
    182. 

  182. +__sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
    183. 

  183. +			    unsigned int dataoff, unsigned int len,
    184. 

  184. +			    u_int8_t protocol, unsigned short family)
    185. 

  185. +{
    186. 

  186. +	const struct nf_ipv6_ops *v6ops;
    187. 

  187. +	__sum16 csum = 0;
    188. 

  188. +
    189. 

  189. +	switch (family) {
    190. 

  190. +	case AF_INET:
    191. 

  191. +		csum = nf_ip_checksum_partial(skb, hook, dataoff, len,
    192. 

  192. +					      protocol);
    193. 

  193. +		break;
    194. 

  194. +	case AF_INET6:
    195. 

  195. +		v6ops = rcu_dereference(nf_ipv6_ops);
    196. 

  196. +		if (v6ops)
    197. 

  197. +			csum = v6ops->checksum_partial(skb, hook, dataoff, len,
    198. 

  198. +						       protocol);
    199. 

  199. +		break;
    200. 

  200. +	}
    201. 

  201. +
    202. 

  202. +	return csum;
    203. 

  203. +}
    204. 

  204. +EXPORT_SYMBOL_GPL(nf_checksum_partial);
    205.