netfilter: nfnetlink_queue: avoid expensive gso segmentation and checksum fixup
Userspace can now indicate that it can cope with larger-than-mtu sized packets and packets that have invalid ipv4/tcp checksums. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
		
					parent
					
						
							
								7237190df8
							
						
					
				
			
			
				commit
				
					
						00bd1cc24a
					
				
			
		
					 2 changed files with 5 additions and 3 deletions
				
			
		|  | @ -97,7 +97,8 @@ enum nfqnl_attr_config { | ||||||
| /* Flags for NFQA_CFG_FLAGS */ | /* Flags for NFQA_CFG_FLAGS */ | ||||||
| #define NFQA_CFG_F_FAIL_OPEN			(1 << 0) | #define NFQA_CFG_F_FAIL_OPEN			(1 << 0) | ||||||
| #define NFQA_CFG_F_CONNTRACK			(1 << 1) | #define NFQA_CFG_F_CONNTRACK			(1 << 1) | ||||||
| #define NFQA_CFG_F_MAX				(1 << 2) | #define NFQA_CFG_F_GSO				(1 << 2) | ||||||
|  | #define NFQA_CFG_F_MAX				(1 << 3) | ||||||
| 
 | 
 | ||||||
| /* flags for NFQA_SKB_INFO */ | /* flags for NFQA_SKB_INFO */ | ||||||
| /* packet appears to have wrong checksums, but they are ok */ | /* packet appears to have wrong checksums, but they are ok */ | ||||||
|  |  | ||||||
|  | @ -327,7 +327,8 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, | ||||||
| 		break; | 		break; | ||||||
| 
 | 
 | ||||||
| 	case NFQNL_COPY_PACKET: | 	case NFQNL_COPY_PACKET: | ||||||
| 		if (entskb->ip_summed == CHECKSUM_PARTIAL && | 		if (!(queue->flags & NFQA_CFG_F_GSO) && | ||||||
|  | 		    entskb->ip_summed == CHECKSUM_PARTIAL && | ||||||
| 		    skb_checksum_help(entskb)) | 		    skb_checksum_help(entskb)) | ||||||
| 			return NULL; | 			return NULL; | ||||||
| 
 | 
 | ||||||
|  | @ -636,7 +637,7 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum) | ||||||
| 	if (queue->copy_mode == NFQNL_COPY_NONE) | 	if (queue->copy_mode == NFQNL_COPY_NONE) | ||||||
| 		return -EINVAL; | 		return -EINVAL; | ||||||
| 
 | 
 | ||||||
| 	if (!skb_is_gso(entry->skb)) | 	if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(entry->skb)) | ||||||
| 		return __nfqnl_enqueue_packet(net, queue, entry); | 		return __nfqnl_enqueue_packet(net, queue, entry); | ||||||
| 
 | 
 | ||||||
| 	skb = entry->skb; | 	skb = entry->skb; | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue
	
	 Florian Westphal
				Florian Westphal