aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch
diff options
context:
space:
mode:
authorRafał Miłecki <rafal@milecki.pl>2018-05-08 09:40:43 +0200
committerRafał Miłecki <rafal@milecki.pl>2018-05-08 09:42:07 +0200
commitf9dcdc7fefcab5ec9b15b0f3c87dfebef37ecaa3 (patch)
tree36fd6f2cc4324384f9af19994fb69a20d95f8daf /target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch
parent004cc22e4ef8187dd80d5d6be5a2575453ef3699 (diff)
downloadupstream-f9dcdc7fefcab5ec9b15b0f3c87dfebef37ecaa3.tar.gz
upstream-f9dcdc7fefcab5ec9b15b0f3c87dfebef37ecaa3.tar.bz2
upstream-f9dcdc7fefcab5ec9b15b0f3c87dfebef37ecaa3.zip
kernel: mark source kernel for netfilter backports
This helps keeping track on patches & adding new kernels in the future. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Diffstat (limited to 'target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch')
-rw-r--r--target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch171
1 files changed, 171 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch b/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch
new file mode 100644
index 0000000000..b122dd55d0
--- /dev/null
+++ b/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch
@@ -0,0 +1,171 @@
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Mon, 27 Nov 2017 21:55:14 +0100
+Subject: [PATCH] netfilter: move checksum indirection to struct nf_ipv6_ops
+
+We cannot make a direct call to nf_ip6_checksum() because that would
+result in autoloading the 'ipv6' module because of symbol dependencies.
+Therefore, define checksum indirection in nf_ipv6_ops where this really
+belongs to.
+
+For IPv4, we can indeed make a direct function call, which is faster,
+given IPv4 is built-in in the networking code by default. Still,
+CONFIG_INET=n and CONFIG_NETFILTER=y is possible, so define empty inline
+stub for IPv4 in such case.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ create mode 100644 net/netfilter/utils.c
+
+--- a/include/linux/netfilter.h
++++ b/include/linux/netfilter.h
+@@ -274,8 +274,6 @@ struct nf_queue_entry;
+
+ struct nf_afinfo {
+ unsigned short family;
+- __sum16 (*checksum)(struct sk_buff *skb, unsigned int hook,
+- unsigned int dataoff, u_int8_t protocol);
+ __sum16 (*checksum_partial)(struct sk_buff *skb,
+ unsigned int hook,
+ unsigned int dataoff,
+@@ -296,20 +294,9 @@ static inline const struct nf_afinfo *nf
+ return rcu_dereference(nf_afinfo[family]);
+ }
+
+-static inline __sum16
+-nf_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff,
+- u_int8_t protocol, unsigned short family)
+-{
+- const struct nf_afinfo *afinfo;
+- __sum16 csum = 0;
+-
+- rcu_read_lock();
+- afinfo = nf_get_afinfo(family);
+- if (afinfo)
+- csum = afinfo->checksum(skb, hook, dataoff, protocol);
+- rcu_read_unlock();
+- return csum;
+-}
++__sum16 nf_checksum(struct sk_buff *skb, unsigned int hook,
++ unsigned int dataoff, u_int8_t protocol,
++ unsigned short family);
+
+ static inline __sum16
+ nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
+--- a/include/linux/netfilter_ipv4.h
++++ b/include/linux/netfilter_ipv4.h
+@@ -7,6 +7,16 @@
+ #include <uapi/linux/netfilter_ipv4.h>
+
+ int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned addr_type);
++
++#ifdef CONFIG_INET
+ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
+ unsigned int dataoff, u_int8_t protocol);
++#else
++static inline __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
++ unsigned int dataoff, u_int8_t protocol)
++{
++ return 0;
++}
++#endif /* CONFIG_INET */
++
+ #endif /*__LINUX_IP_NETFILTER_H*/
+--- a/include/linux/netfilter_ipv6.h
++++ b/include/linux/netfilter_ipv6.h
+@@ -19,6 +19,8 @@ struct nf_ipv6_ops {
+ void (*route_input)(struct sk_buff *skb);
+ int (*fragment)(struct net *net, struct sock *sk, struct sk_buff *skb,
+ int (*output)(struct net *, struct sock *, struct sk_buff *));
++ __sum16 (*checksum)(struct sk_buff *skb, unsigned int hook,
++ unsigned int dataoff, u_int8_t protocol);
+ };
+
+ #ifdef CONFIG_NETFILTER
+--- a/net/bridge/netfilter/nf_tables_bridge.c
++++ b/net/bridge/netfilter/nf_tables_bridge.c
+@@ -106,12 +106,6 @@ static int nf_br_reroute(struct net *net
+ return 0;
+ }
+
+-static __sum16 nf_br_checksum(struct sk_buff *skb, unsigned int hook,
+- unsigned int dataoff, u_int8_t protocol)
+-{
+- return 0;
+-}
+-
+ static __sum16 nf_br_checksum_partial(struct sk_buff *skb, unsigned int hook,
+ unsigned int dataoff, unsigned int len,
+ u_int8_t protocol)
+@@ -127,7 +121,6 @@ static int nf_br_route(struct net *net,
+
+ static const struct nf_afinfo nf_br_afinfo = {
+ .family = AF_BRIDGE,
+- .checksum = nf_br_checksum,
+ .checksum_partial = nf_br_checksum_partial,
+ .route = nf_br_route,
+ .saveroute = nf_br_saveroute,
+--- a/net/ipv4/netfilter.c
++++ b/net/ipv4/netfilter.c
+@@ -188,7 +188,6 @@ static int nf_ip_route(struct net *net,
+
+ static const struct nf_afinfo nf_ip_afinfo = {
+ .family = AF_INET,
+- .checksum = nf_ip_checksum,
+ .checksum_partial = nf_ip_checksum_partial,
+ .route = nf_ip_route,
+ .saveroute = nf_ip_saveroute,
+--- a/net/ipv6/netfilter.c
++++ b/net/ipv6/netfilter.c
+@@ -193,12 +193,12 @@ static __sum16 nf_ip6_checksum_partial(s
+ static const struct nf_ipv6_ops ipv6ops = {
+ .chk_addr = ipv6_chk_addr,
+ .route_input = ip6_route_input,
+- .fragment = ip6_fragment
++ .fragment = ip6_fragment,
++ .checksum = nf_ip6_checksum,
+ };
+
+ static const struct nf_afinfo nf_ip6_afinfo = {
+ .family = AF_INET6,
+- .checksum = nf_ip6_checksum,
+ .checksum_partial = nf_ip6_checksum_partial,
+ .route = nf_ip6_route,
+ .saveroute = nf_ip6_saveroute,
+--- a/net/netfilter/Makefile
++++ b/net/netfilter/Makefile
+@@ -1,5 +1,5 @@
+ # SPDX-License-Identifier: GPL-2.0
+-netfilter-objs := core.o nf_log.o nf_queue.o nf_sockopt.o
++netfilter-objs := core.o nf_log.o nf_queue.o nf_sockopt.o utils.o
+
+ nf_conntrack-y := nf_conntrack_core.o nf_conntrack_standalone.o nf_conntrack_expect.o nf_conntrack_helper.o nf_conntrack_proto.o nf_conntrack_l3proto_generic.o nf_conntrack_proto_generic.o nf_conntrack_proto_tcp.o nf_conntrack_proto_udp.o nf_conntrack_extend.o nf_conntrack_acct.o nf_conntrack_seqadj.o
+ nf_conntrack-$(CONFIG_NF_CONNTRACK_TIMEOUT) += nf_conntrack_timeout.o
+--- /dev/null
++++ b/net/netfilter/utils.c
+@@ -0,0 +1,26 @@
++#include <linux/kernel.h>
++#include <linux/netfilter.h>
++#include <linux/netfilter_ipv4.h>
++#include <linux/netfilter_ipv6.h>
++
++__sum16 nf_checksum(struct sk_buff *skb, unsigned int hook,
++ unsigned int dataoff, u_int8_t protocol,
++ unsigned short family)
++{
++ const struct nf_ipv6_ops *v6ops;
++ __sum16 csum = 0;
++
++ switch (family) {
++ case AF_INET:
++ csum = nf_ip_checksum(skb, hook, dataoff, protocol);
++ break;
++ case AF_INET6:
++ v6ops = rcu_dereference(nf_ipv6_ops);
++ if (v6ops)
++ csum = v6ops->checksum(skb, hook, dataoff, protocol);
++ break;
++ }
++
++ return csum;
++}
++EXPORT_SYMBOL_GPL(nf_checksum);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 13:31:14 +0000