diff options
author | Davide Caratti <dcaratti@redhat.com> | 2020-10-15 18:39:27 +0200 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2020-10-15 11:45:19 -0700 |
commit | 346e320cb2103edef709c4466a29140c4a8e527a (patch) | |
tree | 405af21ad80b77a0bfda44fa68bbf92051c9c979 /Documentation/networking | |
parent | 54086c5a7f159749bc521706bae329cbce3971e9 (diff) | |
download | lwn-346e320cb2103edef709c4466a29140c4a8e527a.tar.gz lwn-346e320cb2103edef709c4466a29140c4a8e527a.zip |
netfilter: nftables: allow re-computing sctp CRC-32C in 'payload' statements
nftables payload statements are used to mangle SCTP headers, but they can
only replace the Internet Checksum. As a consequence, nftables rules that
mangle sport/dport/vtag in SCTP headers potentially generate packets that
are discarded by the receiver, unless the CRC-32C is "offloaded" (e.g the
rule mangles a skb having 'ip_summed' equal to 'CHECKSUM_PARTIAL'.
Fix this extending uAPI definitions and L4 checksum update function, in a
way that userspace programs (e.g. nft) can instruct the kernel to compute
CRC-32C in SCTP headers. Also ensure that LIBCRC32C is built if NF_TABLES
is 'y' or 'm' in the kernel build configuration.
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'Documentation/networking')
0 files changed, 0 insertions, 0 deletions