Commit 00bd1cc2 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso

netfilter: nfnetlink_queue: avoid expensive gso segmentation and checksum fixup

Userspace can now indicate that it can cope with larger-than-mtu sized
packets and packets that have invalid ipv4/tcp checksums.
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 7237190d
...@@ -97,7 +97,8 @@ enum nfqnl_attr_config { ...@@ -97,7 +97,8 @@ enum nfqnl_attr_config {
/* Flags for NFQA_CFG_FLAGS */ /* Flags for NFQA_CFG_FLAGS */
#define NFQA_CFG_F_FAIL_OPEN (1 << 0) #define NFQA_CFG_F_FAIL_OPEN (1 << 0)
#define NFQA_CFG_F_CONNTRACK (1 << 1) #define NFQA_CFG_F_CONNTRACK (1 << 1)
#define NFQA_CFG_F_MAX (1 << 2) #define NFQA_CFG_F_GSO (1 << 2)
#define NFQA_CFG_F_MAX (1 << 3)
/* flags for NFQA_SKB_INFO */ /* flags for NFQA_SKB_INFO */
/* packet appears to have wrong checksums, but they are ok */ /* packet appears to have wrong checksums, but they are ok */
......
...@@ -327,7 +327,8 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, ...@@ -327,7 +327,8 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
break; break;
case NFQNL_COPY_PACKET: case NFQNL_COPY_PACKET:
if (entskb->ip_summed == CHECKSUM_PARTIAL && if (!(queue->flags & NFQA_CFG_F_GSO) &&
entskb->ip_summed == CHECKSUM_PARTIAL &&
skb_checksum_help(entskb)) skb_checksum_help(entskb))
return NULL; return NULL;
...@@ -636,7 +637,7 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum) ...@@ -636,7 +637,7 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
if (queue->copy_mode == NFQNL_COPY_NONE) if (queue->copy_mode == NFQNL_COPY_NONE)
return -EINVAL; return -EINVAL;
if (!skb_is_gso(entry->skb)) if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(entry->skb))
return __nfqnl_enqueue_packet(net, queue, entry); return __nfqnl_enqueue_packet(net, queue, entry);
skb = entry->skb; skb = entry->skb;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment