mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-12 00:38:55 +00:00
netfilter: nfnetlink_queue: avoid expensive gso segmentation and checksum fixup
Userspace can now indicate that it can cope with larger-than-mtu sized packets and packets that have invalid ipv4/tcp checksums. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
7237190df8
commit
00bd1cc24a
@ -97,7 +97,8 @@ enum nfqnl_attr_config {
|
||||
/* Flags for NFQA_CFG_FLAGS */
|
||||
#define NFQA_CFG_F_FAIL_OPEN (1 << 0)
|
||||
#define NFQA_CFG_F_CONNTRACK (1 << 1)
|
||||
#define NFQA_CFG_F_MAX (1 << 2)
|
||||
#define NFQA_CFG_F_GSO (1 << 2)
|
||||
#define NFQA_CFG_F_MAX (1 << 3)
|
||||
|
||||
/* flags for NFQA_SKB_INFO */
|
||||
/* packet appears to have wrong checksums, but they are ok */
|
||||
|
@ -327,7 +327,8 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
|
||||
break;
|
||||
|
||||
case NFQNL_COPY_PACKET:
|
||||
if (entskb->ip_summed == CHECKSUM_PARTIAL &&
|
||||
if (!(queue->flags & NFQA_CFG_F_GSO) &&
|
||||
entskb->ip_summed == CHECKSUM_PARTIAL &&
|
||||
skb_checksum_help(entskb))
|
||||
return NULL;
|
||||
|
||||
@ -636,7 +637,7 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
|
||||
if (queue->copy_mode == NFQNL_COPY_NONE)
|
||||
return -EINVAL;
|
||||
|
||||
if (!skb_is_gso(entry->skb))
|
||||
if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(entry->skb))
|
||||
return __nfqnl_enqueue_packet(net, queue, entry);
|
||||
|
||||
skb = entry->skb;
|
||||
|
Loading…
x
Reference in New Issue
Block a user