netfilter: Allow calling into nat helper without skb_dst.
authorJarno Rajahalme <jarno@ovn.org>
Thu, 10 Mar 2016 18:54:17 +0000 (10:54 -0800)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 14 Mar 2016 22:47:27 +0000 (23:47 +0100)
NAT checksum recalculation code assumes existence of skb_dst, which
becomes a problem for a later patch in the series ("openvswitch:
Interface with NAT.").  Simplify this by removing the check on
skb_dst, as the checksum will be dealt with later in the stack.

Suggested-by: Pravin Shelar <pshelar@nicira.com>
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c

index 61c7cc22ea684ffe289f3eb8373584dee94c182c..f8aad03d674b05008edb5b9883b3a26b2fa7461f 100644 (file)
@@ -127,29 +127,15 @@ static void nf_nat_ipv4_csum_recalc(struct sk_buff *skb,
                                    u8 proto, void *data, __sum16 *check,
                                    int datalen, int oldlen)
 {
-       const struct iphdr *iph = ip_hdr(skb);
-       struct rtable *rt = skb_rtable(skb);
-
        if (skb->ip_summed != CHECKSUM_PARTIAL) {
-               if (!(rt->rt_flags & RTCF_LOCAL) &&
-                   (!skb->dev || skb->dev->features &
-                    (NETIF_F_IP_CSUM | NETIF_F_HW_CSUM))) {
-                       skb->ip_summed = CHECKSUM_PARTIAL;
-                       skb->csum_start = skb_headroom(skb) +
-                                         skb_network_offset(skb) +
-                                         ip_hdrlen(skb);
-                       skb->csum_offset = (void *)check - data;
-                       *check = ~csum_tcpudp_magic(iph->saddr, iph->daddr,
-                                                   datalen, proto, 0);
-               } else {
-                       *check = 0;
-                       *check = csum_tcpudp_magic(iph->saddr, iph->daddr,
-                                                  datalen, proto,
-                                                  csum_partial(data, datalen,
-                                                               0));
-                       if (proto == IPPROTO_UDP && !*check)
-                               *check = CSUM_MANGLED_0;
-               }
+               const struct iphdr *iph = ip_hdr(skb);
+
+               skb->ip_summed = CHECKSUM_PARTIAL;
+               skb->csum_start = skb_headroom(skb) + skb_network_offset(skb) +
+                       ip_hdrlen(skb);
+               skb->csum_offset = (void *)check - data;
+               *check = ~csum_tcpudp_magic(iph->saddr, iph->daddr, datalen,
+                                           proto, 0);
        } else
                inet_proto_csum_replace2(check, skb,
                                         htons(oldlen), htons(datalen), true);
index 6ce3099288416b3753d6cab8ee70f1a0b97ab94f..e0be97e636a48f54c1488ca70ae97a9a13e8be61 100644 (file)
@@ -131,29 +131,15 @@ static void nf_nat_ipv6_csum_recalc(struct sk_buff *skb,
                                    u8 proto, void *data, __sum16 *check,
                                    int datalen, int oldlen)
 {
-       const struct ipv6hdr *ipv6h = ipv6_hdr(skb);
-       struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
-
        if (skb->ip_summed != CHECKSUM_PARTIAL) {
-               if (!(rt->rt6i_flags & RTF_LOCAL) &&
-                   (!skb->dev || skb->dev->features &
-                    (NETIF_F_IPV6_CSUM | NETIF_F_HW_CSUM))) {
-                       skb->ip_summed = CHECKSUM_PARTIAL;
-                       skb->csum_start = skb_headroom(skb) +
-                                         skb_network_offset(skb) +
-                                         (data - (void *)skb->data);
-                       skb->csum_offset = (void *)check - data;
-                       *check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr,
-                                                 datalen, proto, 0);
-               } else {
-                       *check = 0;
-                       *check = csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr,
-                                                datalen, proto,
-                                                csum_partial(data, datalen,
-                                                             0));
-                       if (proto == IPPROTO_UDP && !*check)
-                               *check = CSUM_MANGLED_0;
-               }
+               const struct ipv6hdr *ipv6h = ipv6_hdr(skb);
+
+               skb->ip_summed = CHECKSUM_PARTIAL;
+               skb->csum_start = skb_headroom(skb) + skb_network_offset(skb) +
+                       (data - (void *)skb->data);
+               skb->csum_offset = (void *)check - data;
+               *check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr,
+                                         datalen, proto, 0);
        } else
                inet_proto_csum_replace2(check, skb,
                                         htons(oldlen), htons(datalen), true);