netfilter: ipt_REJECT: postpone the checksum calculation.

postpone the checksum calculation, then if the output NIC supports checksum
offloading, we can utlize it. And though the output NIC doesn't support
checksum offloading, but we'll mangle this packet, this can free us from
updating the checksum, as the checksum calculation occurs later.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index f5f4a888e4ec71243f2d6589507355f28273c5e9..3d0e064bab54b6f0c40e8a7f6d753e358cff5d49 100644 (file)
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -95,10 +95,11 @@ static void send_reset(struct sk_buff *oldskb, int hook)
        }
 
        tcph->rst       = 1;
-       tcph->check     = tcp_v4_check(sizeof(struct tcphdr),
-                                      niph->saddr, niph->daddr,
-                                      csum_partial(tcph,
-                                                   sizeof(struct tcphdr), 0));
+       tcph->check = ~tcp_v4_check(sizeof(struct tcphdr), niph->saddr,
+                                   niph->daddr, 0);
+       nskb->ip_summed = CHECKSUM_PARTIAL;
+       nskb->csum_start = (unsigned char *)tcph - nskb->head;
+       nskb->csum_offset = offsetof(struct tcphdr, check);
 
        addr_type = RTN_UNSPEC;
        if (hook != NF_INET_FORWARD
@@ -115,7 +116,6 @@ static void send_reset(struct sk_buff *oldskb, int hook)
                goto free_nskb;
 
        niph->ttl       = dst_metric(skb_dst(nskb), RTAX_HOPLIMIT);
-       nskb->ip_summed = CHECKSUM_NONE;
 
        /* "Never happens" */
        if (nskb->len > dst_mtu(skb_dst(nskb)))