diff options
author | Davide Caratti <dcaratti@redhat.com> | 2016-12-05 17:33:57 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-12-07 15:22:50 +0300 |
commit | 3189a290f98d3d3b76536ab61e9ff95751ed8124 (patch) | |
tree | b1879d66182cab9d3ee67f70da3b14ed5e8e33d8 | |
parent | 3b760dcb0fd304873dfde9ff072a49f893c6f5c4 (diff) | |
download | linux-3189a290f98d3d3b76536ab61e9ff95751ed8124.tar.xz |
netfilter: nat: skip checksum on offload SCTP packets
SCTP GSO and hardware can do CRC32c computation after netfilter processing,
so we can avoid calling sctp_compute_checksum() on skb if skb->ip_summed
is equal to CHECKSUM_PARTIAL. Moreover, set skb->ip_summed to CHECKSUM_NONE
when the NAT code computes the CRC, to prevent offloaders from computing
it again (on ixgbe this resulted in a transmission with wrong L4 checksum).
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | net/netfilter/nf_nat_proto_sctp.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/net/netfilter/nf_nat_proto_sctp.c b/net/netfilter/nf_nat_proto_sctp.c index 2e14108ff697..31d358691af0 100644 --- a/net/netfilter/nf_nat_proto_sctp.c +++ b/net/netfilter/nf_nat_proto_sctp.c @@ -47,7 +47,10 @@ sctp_manip_pkt(struct sk_buff *skb, hdr->dest = tuple->dst.u.sctp.port; } - hdr->checksum = sctp_compute_cksum(skb, hdroff); + if (skb->ip_summed != CHECKSUM_PARTIAL) { + hdr->checksum = sctp_compute_cksum(skb, hdroff); + skb->ip_summed = CHECKSUM_NONE; + } return true; } |