diff options
author | Florian Westphal <fw@strlen.de> | 2013-04-19 04:58:27 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-04-29 20:09:07 +0200 |
commit | 00bd1cc24a7dd295ee095dc50791aab6ede46c7a (patch) | |
tree | 0802df661d7b8d4d6bfc47dfd6230607c8f92af1 | |
parent | 7237190df8c4129241697530a4eecabdc4ecc66e (diff) | |
download | lwn-00bd1cc24a7dd295ee095dc50791aab6ede46c7a.tar.gz lwn-00bd1cc24a7dd295ee095dc50791aab6ede46c7a.zip |
netfilter: nfnetlink_queue: avoid expensive gso segmentation and checksum fixup
Userspace can now indicate that it can cope with larger-than-mtu sized
packets and packets that have invalid ipv4/tcp checksums.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | include/uapi/linux/netfilter/nfnetlink_queue.h | 3 | ||||
-rw-r--r-- | net/netfilter/nfnetlink_queue_core.c | 5 |
2 files changed, 5 insertions, 3 deletions
diff --git a/include/uapi/linux/netfilter/nfnetlink_queue.h b/include/uapi/linux/netfilter/nfnetlink_queue.h index 0069da370464..a2308ae5a73d 100644 --- a/include/uapi/linux/netfilter/nfnetlink_queue.h +++ b/include/uapi/linux/netfilter/nfnetlink_queue.h @@ -97,7 +97,8 @@ enum nfqnl_attr_config { /* Flags for NFQA_CFG_FLAGS */ #define NFQA_CFG_F_FAIL_OPEN (1 << 0) #define NFQA_CFG_F_CONNTRACK (1 << 1) -#define NFQA_CFG_F_MAX (1 << 2) +#define NFQA_CFG_F_GSO (1 << 2) +#define NFQA_CFG_F_MAX (1 << 3) /* flags for NFQA_SKB_INFO */ /* packet appears to have wrong checksums, but they are ok */ diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c index d052cd6da5d2..2e0e835baf72 100644 --- a/net/netfilter/nfnetlink_queue_core.c +++ b/net/netfilter/nfnetlink_queue_core.c @@ -327,7 +327,8 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, break; case NFQNL_COPY_PACKET: - if (entskb->ip_summed == CHECKSUM_PARTIAL && + if (!(queue->flags & NFQA_CFG_F_GSO) && + entskb->ip_summed == CHECKSUM_PARTIAL && skb_checksum_help(entskb)) return NULL; @@ -636,7 +637,7 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum) if (queue->copy_mode == NFQNL_COPY_NONE) return -EINVAL; - if (!skb_is_gso(entry->skb)) + if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(entry->skb)) return __nfqnl_enqueue_packet(net, queue, entry); skb = entry->skb; |