| Message ID | 20240822221939.157858-2-pablo@netfilter.org |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [net-next,1/9] netfilter: nfnetlink_queue: unbreak SCTP traffic | expand |
Hello: This series was applied to netdev/net-next.git (main) by Pablo Neira Ayuso <pablo@netfilter.org>: On Fri, 23 Aug 2024 00:19:31 +0200 you wrote: > From: Antonio Ojea <aojea@google.com> > > when packet is enqueued with nfqueue and GSO is enabled, checksum > calculation has to take into account the protocol, as SCTP uses a > 32 bits CRC checksum. > > Enter skb_gso_segment() path in case of SCTP GSO packets because > skb_zerocopy() does not support for GSO_BY_FRAGS. > > [...] Here is the summary with links: - [net-next,1/9] netfilter: nfnetlink_queue: unbreak SCTP traffic https://git.kernel.org/netdev/net-next/c/26a77d02891a - [net-next,2/9] selftests: netfilter: nft_queue.sh: sctp coverage https://git.kernel.org/netdev/net-next/c/4e97d521c2be - [net-next,3/9] netfilter: nfnetlink: convert kfree_skb to consume_skb https://git.kernel.org/netdev/net-next/c/e2444c1d4639 - [net-next,4/9] netfilter: nf_tables: store new sets in dedicated list https://git.kernel.org/netdev/net-next/c/c1aa38866b9c - [net-next,5/9] netfilter: nf_tables: do not remove elements if set backend implements .abort https://git.kernel.org/netdev/net-next/c/c9526aeb4998 - [net-next,6/9] netfilter: move nf_ct_netns_get out of nf_conncount_init https://git.kernel.org/netdev/net-next/c/d5283b47e225 - [net-next,7/9] netfilter: nf_tables: pass context structure to nft_parse_register_load https://git.kernel.org/netdev/net-next/c/7ea0522ef81a - [net-next,8/9] netfilter: nf_tables: allow loads only when register is initialized https://git.kernel.org/netdev/net-next/c/14fb07130c7d - [net-next,9/9] netfilter: nf_tables: don't initialize registers in nft_do_chain() https://git.kernel.org/netdev/net-next/c/c88baabf16d1 You are awesome, thank you!
diff --git a/net/core/dev.c b/net/core/dev.c index e7260889d4cb..8384282acadf 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -3386,6 +3386,7 @@ int skb_crc32c_csum_help(struct sk_buff *skb) out: return ret; } +EXPORT_SYMBOL(skb_crc32c_csum_help); __be16 skb_network_protocol(struct sk_buff *skb, int *depth) { diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index e0716da256bf..d2773ce9b585 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -540,6 +540,14 @@ static int nfqnl_put_bridge(struct nf_queue_entry *entry, struct sk_buff *skb) return -1; } +static int nf_queue_checksum_help(struct sk_buff *entskb) +{ + if (skb_csum_is_sctp(entskb)) + return skb_crc32c_csum_help(entskb); + + return skb_checksum_help(entskb); +} + static struct sk_buff * nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, struct nf_queue_entry *entry, @@ -602,7 +610,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, case NFQNL_COPY_PACKET: if (!(queue->flags & NFQA_CFG_F_GSO) && entskb->ip_summed == CHECKSUM_PARTIAL && - skb_checksum_help(entskb)) + nf_queue_checksum_help(entskb)) return NULL; data_len = READ_ONCE(queue->copy_range); @@ -1014,7 +1022,7 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum) break; } - if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(skb)) + if (!skb_is_gso(skb) || ((queue->flags & NFQA_CFG_F_GSO) && !skb_is_gso_sctp(skb))) return __nfqnl_enqueue_packet(net, queue, entry); nf_bridge_adjust_skb_data(skb);