summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavide Caratti <dcaratti@redhat.com>2016-12-05 15:33:57 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2016-12-07 13:22:50 +0100
commit3189a290f98d3d3b76536ab61e9ff95751ed8124 (patch)
treeb1879d66182cab9d3ee67f70da3b14ed5e8e33d8
parent3b760dcb0fd304873dfde9ff072a49f893c6f5c4 (diff)
netfilter: nat: skip checksum on offload SCTP packets
SCTP GSO and hardware can do CRC32c computation after netfilter processing, so we can avoid calling sctp_compute_checksum() on skb if skb->ip_summed is equal to CHECKSUM_PARTIAL. Moreover, set skb->ip_summed to CHECKSUM_NONE when the NAT code computes the CRC, to prevent offloaders from computing it again (on ixgbe this resulted in a transmission with wrong L4 checksum). Signed-off-by: Davide Caratti <dcaratti@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/netfilter/nf_nat_proto_sctp.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/net/netfilter/nf_nat_proto_sctp.c b/net/netfilter/nf_nat_proto_sctp.c
index 2e14108ff697..31d358691af0 100644
--- a/net/netfilter/nf_nat_proto_sctp.c
+++ b/net/netfilter/nf_nat_proto_sctp.c
@@ -47,7 +47,10 @@ sctp_manip_pkt(struct sk_buff *skb,
hdr->dest = tuple->dst.u.sctp.port;
}
- hdr->checksum = sctp_compute_cksum(skb, hdroff);
+ if (skb->ip_summed != CHECKSUM_PARTIAL) {
+ hdr->checksum = sctp_compute_cksum(skb, hdroff);
+ skb->ip_summed = CHECKSUM_NONE;
+ }
return true;
}