From e633508a95289489d28faacb68b32c3e7e68ef6f Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 15 May 2019 20:15:32 +0200 Subject: netfilter: nft_fib: Fix existence check support NFTA_FIB_F_PRESENT flag was not always honored since eval functions did not call nft_fib_store_result in all cases. Given that in all callsites there is a struct net_device pointer available which holds the interface data to be stored in destination register, simplify nft_fib_store_result() to just accept that pointer instead of the nft_pktinfo pointer and interface index. This also allows to drop the index to interface lookup previously needed to get the name associated with given index. Fixes: 055c4b34b94f6 ("netfilter: nft_fib: Support existence check") Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/nft_fib.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/net') diff --git a/include/net/netfilter/nft_fib.h b/include/net/netfilter/nft_fib.h index a88f92737308..e4c4d8eaca8c 100644 --- a/include/net/netfilter/nft_fib.h +++ b/include/net/netfilter/nft_fib.h @@ -34,5 +34,5 @@ void nft_fib6_eval(const struct nft_expr *expr, struct nft_regs *regs, const struct nft_pktinfo *pkt); void nft_fib_store_result(void *reg, const struct nft_fib *priv, - const struct nft_pktinfo *pkt, int index); + const struct net_device *dev); #endif -- cgit v1.2.3 From f2696099c6c619aec4fe2b9691f0a81429957e65 Mon Sep 17 00:00:00 2001 From: Sean Tranchetti Date: Tue, 28 May 2019 12:22:54 -0600 Subject: udp: Avoid post-GRO UDP checksum recalculation Currently, when resegmenting an unexpected UDP GRO packet, the full UDP checksum will be calculated for every new SKB created by skb_segment() because the netdev features passed in by udp_rcv_segment() lack any information about checksum offload capabilities. Usually, we have no need to perform this calculation again, as 1) The GRO implementation guarantees that any packets making it to the udp_rcv_segment() function had correct checksums, and, more importantly, 2) Upon the successful return of udp_rcv_segment(), we immediately pull the UDP header off and either queue the segment to the socket or hand it off to a new protocol handler. Unless userspace has set the IP_CHECKSUM sockopt to indicate that they want the final checksum values, we can pass the needed netdev feature flags to __skb_gso_segment() to avoid checksumming each segment in skb_segment(). Fixes: cf329aa42b66 ("udp: cope with UDP GRO packet misdirection") Cc: Paolo Abeni Cc: Subash Abhinov Kasiviswanathan Signed-off-by: Sean Tranchetti Acked-by: Paolo Abeni Signed-off-by: David S. Miller --- include/net/udp.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'include/net') diff --git a/include/net/udp.h b/include/net/udp.h index d8ce937bc395..dbe030da20a1 100644 --- a/include/net/udp.h +++ b/include/net/udp.h @@ -471,12 +471,19 @@ void udpv6_encap_enable(void); static inline struct sk_buff *udp_rcv_segment(struct sock *sk, struct sk_buff *skb, bool ipv4) { + netdev_features_t features = NETIF_F_SG; struct sk_buff *segs; + /* Avoid csum recalculation by skb_segment unless userspace explicitly + * asks for the final checksum values + */ + if (!inet_get_convert_csum(sk)) + features |= NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM; + /* the GSO CB lays after the UDP one, no need to save and restore any * CB fragment */ - segs = __skb_gso_segment(skb, NETIF_F_SG, false); + segs = __skb_gso_segment(skb, features, false); if (unlikely(IS_ERR_OR_NULL(segs))) { int segs_nr = skb_shinfo(skb)->gso_segs; -- cgit v1.2.3