linux/net
Daniel Borkmann 97203abe6b net: ipvs: sctp: do not recalc sctp csum when ports didn't change
Unlike UDP or TCP, we do not take the pseudo-header into
account in SCTP checksums. So in case port mapping is the
very same, we do not need to recalculate the whole SCTP
checksum in software, which is very expensive.

Also, similarly as in TCP, take into account when a private
helper mangled the packet. In that case, we also need to
recalculate the checksum even if ports might be same.

Thanks for feedback regarding skb->ip_summed checks from
Julian Anastasov; here's a discussion on these checks for
snat and dnat:

* For snat_handler(), we can see CHECKSUM_PARTIAL from
  virtual devices, and from LOCAL_OUT, otherwise it
  should be CHECKSUM_UNNECESSARY. In general, in snat it
  is more complex. skb contains the original route and
  ip_vs_route_me_harder() can change the route after
  snat_handler. So, for locally generated replies from
  local server we can not preserve the CHECKSUM_PARTIAL
  mode. It is an chicken or egg dilemma: snat_handler
  needs the device after rerouting (to check for
  NETIF_F_SCTP_CSUM), while ip_route_me_harder() wants
  the snat_handler() to put the new saddr for proper
  rerouting.

* For dnat_handler(), we should not see CHECKSUM_COMPLETE
  for SCTP, in fact the small set of drivers that support
  SCTP offloading return CHECKSUM_UNNECESSARY on correctly
  received SCTP csum. We can see CHECKSUM_PARTIAL from
  local stack or received from virtual drivers. The idea is
  that SCTP decides to avoid csum calculation if hardware
  supports offloading. IPVS can change the device after
  rerouting to real server but we can preserve the
  CHECKSUM_PARTIAL mode if the new device supports
  offloading too. This works because skb dst is changed
  before dnat_handler and we see the new device. So, checks
  in the 'if' part will decide whether it is ok to keep
  CHECKSUM_PARTIAL for the output. If the packet was with
  CHECKSUM_NONE, hence we deal with unknown checksum. As we
  recalculate the sum for IP header in all cases, it should
  be safe to use CHECKSUM_UNNECESSARY. We can forward wrong
  checksum in this case (without cp->app). In case of
  CHECKSUM_UNNECESSARY, the csum was valid on receive.

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
2013-10-30 09:48:16 +09:00
..
9p for-linus-3.12-merge minor 9p fixes and tweaks for 3.12 merge window 2013-09-11 12:34:13 -07:00
802 mrp: add periodictimer to allow retries when packets get lost 2013-09-23 16:53:52 -04:00
8021q Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-10-08 23:07:53 -04:00
appletalk net: proc_fs: trivial: print UIDs as unsigned int 2013-08-15 14:37:46 -07:00
atm net: always pass struct netdev_notifier_info to netdevice notifiers 2013-05-28 21:58:54 -07:00
ax25 net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
batman-adv batman-adv: set up network coding packet handlers during module init 2013-10-02 13:46:19 +02:00
bluetooth Bluetooth: Only one command per L2CAP LE signalling is supported 2013-10-03 16:09:59 +03:00
bridge bridge: netfilter: orphan skb before invoking ip netfilter hooks 2013-10-27 21:44:33 +01:00
caif caif: Add missing braces to multiline if in cfctrl_linkup_request 2013-09-05 14:31:02 -04:00
can can: gw: add a per rule limitation of frame hops 2013-08-29 22:58:24 +02:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2013-09-19 12:50:37 -05:00
core net: gro: allow to build full sized skb 2013-10-10 00:08:07 -04:00
dcb
dccp inet: rename ir_loc_port to ir_num 2013-10-10 14:37:35 -04:00
decnet net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
dns_resolver net: strict_strtoul is obsolete, use kstrtoul instead 2013-07-12 16:09:14 -07:00
dsa net: dsa: inherit addr_assign_type along with dev_addr 2013-09-03 20:57:49 -04:00
ethernet ethernet: use likely() for common Ethernet encap 2013-09-30 21:52:53 -07:00
ieee802154 6lowpan: Sync default hardware address of lowpan links to their wpan 2013-10-08 15:28:37 -04:00
ipv4 netfilter: ipt_CLUSTERIP: use proper net namespace to operate CLUSTERIP 2013-10-17 10:48:47 +02:00
ipv6 netfilter: ip6t_REJECT: skip checksum verification for outgoing ipv6 packets 2013-10-23 11:20:00 +02:00
ipx net: proc_fs: trivial: print UIDs as unsigned int 2013-08-15 14:37:46 -07:00
irda net/irda: fixed style issues in irttp 2013-07-19 17:34:40 -07:00
iucv net: delete __cpuinit usage from all net files 2013-07-14 19:36:58 -04:00
key xfrm: Remove rebundant address family checking 2013-08-07 10:12:58 +02:00
l2tp ipv6: make lookups simpler and faster 2013-10-09 00:01:25 -04:00
lapb net/lapb: re-send packets on timeout 2013-09-23 16:52:45 -04:00
llc llc: Use normal etherdevice.h tests 2013-09-03 22:34:47 -04:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-10-08 23:07:53 -04:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-30 03:55:20 -04:00
mpls MPLS: Add limited GSO support 2013-05-27 22:50:59 -07:00
netfilter net: ipvs: sctp: do not recalc sctp csum when ports didn't change 2013-10-30 09:48:16 +09:00
netlabel inet: includes a sock_common in request_sock 2013-10-10 00:08:07 -04:00
netlink net: netlink: filter particular protocols from analyzers 2013-09-06 14:43:48 -04:00
netrom net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
nfc NFC: Update secure element state 2013-08-14 01:13:40 +02:00
openvswitch net ipv4: Convert ipv4.ip_local_port_range to be per netns v3 2013-09-30 21:59:38 -07:00
packet net: packet: use reciprocal_divide in fanout_demux_hash 2013-08-29 16:43:29 -04:00
phonet net: proc_fs: trivial: print UIDs as unsigned int 2013-08-15 14:37:46 -07:00
rds net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
rfkill Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-09-05 14:54:29 -07:00
rose net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
rxrpc
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-10-08 23:07:53 -04:00
sctp ipv6: make lookups simpler and faster 2013-10-09 00:01:25 -04:00
sunrpc net: fix build errors if ipv6 is disabled 2013-10-09 13:04:03 -04:00
tipc tipc: set sk_err correctly when connection fails 2013-08-30 16:06:57 -04:00
unix unix_diag: fix info leak 2013-10-02 16:08:24 -04:00
vmw_vsock Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-08-16 15:37:26 -07:00
wimax
wireless cfg80211: fix sysfs registration race 2013-09-26 20:03:45 +02:00
x25 x25: add a sanity check parsing X.25 facilities 2013-09-04 00:27:27 -04:00
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2013-09-30 15:24:57 -04:00
compat.c net: heap overflow in __audit_sockaddr() 2013-10-03 16:05:14 -04:00
Kconfig Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
Makefile MPLS: Add limited GSO support 2013-05-27 22:50:59 -07:00
nonet.c
socket.c net: heap overflow in __audit_sockaddr() 2013-10-03 16:05:14 -04:00
sysctl_net.c net: Update the sysctl permissions handler to test effective uid/gid 2013-10-07 15:57:56 -04:00