diff mbox series

[net-next,1/9] netfilter: nfnetlink_queue: unbreak SCTP traffic

Message ID 20240822221939.157858-2-pablo@netfilter.org (mailing list archive)
State Accepted
Commit 26a77d02891ab62172085a4f94af9b3c90aed387
Delegated to: Netdev Maintainers
Headers show
Series [net-next,1/9] netfilter: nfnetlink_queue: unbreak SCTP traffic | expand

Checks

Context Check Description
netdev/series_format success Pull request is its own cover letter
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 16 this patch: 16
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers warning 2 maintainers not CCed: coreteam@netfilter.org kadlec@netfilter.org
netdev/build_clang success Errors and warnings before: 16 this patch: 16
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 21 this patch: 21
netdev/checkpatch warning WARNING: line length of 91 exceeds 80 columns
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 79 this patch: 79
netdev/source_inline success Was 0 now: 0

Commit Message

Pablo Neira Ayuso Aug. 22, 2024, 10:19 p.m. UTC
From: Antonio Ojea <aojea@google.com>

when packet is enqueued with nfqueue and GSO is enabled, checksum
calculation has to take into account the protocol, as SCTP uses a
32 bits CRC checksum.

Enter skb_gso_segment() path in case of SCTP GSO packets because
skb_zerocopy() does not support for GSO_BY_FRAGS.

Joint work with Pablo.

Signed-off-by: Antonio Ojea <aojea@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/core/dev.c                  |  1 +
 net/netfilter/nfnetlink_queue.c | 12 ++++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

Comments

patchwork-bot+netdevbpf@kernel.org Aug. 26, 2024, 3:50 p.m. UTC | #1
Hello:

This series was applied to netdev/net-next.git (main)
by Pablo Neira Ayuso <pablo@netfilter.org>:

On Fri, 23 Aug 2024 00:19:31 +0200 you wrote:
> From: Antonio Ojea <aojea@google.com>
> 
> when packet is enqueued with nfqueue and GSO is enabled, checksum
> calculation has to take into account the protocol, as SCTP uses a
> 32 bits CRC checksum.
> 
> Enter skb_gso_segment() path in case of SCTP GSO packets because
> skb_zerocopy() does not support for GSO_BY_FRAGS.
> 
> [...]

Here is the summary with links:
  - [net-next,1/9] netfilter: nfnetlink_queue: unbreak SCTP traffic
    https://git.kernel.org/netdev/net-next/c/26a77d02891a
  - [net-next,2/9] selftests: netfilter: nft_queue.sh: sctp coverage
    https://git.kernel.org/netdev/net-next/c/4e97d521c2be
  - [net-next,3/9] netfilter: nfnetlink: convert kfree_skb to consume_skb
    https://git.kernel.org/netdev/net-next/c/e2444c1d4639
  - [net-next,4/9] netfilter: nf_tables: store new sets in dedicated list
    https://git.kernel.org/netdev/net-next/c/c1aa38866b9c
  - [net-next,5/9] netfilter: nf_tables: do not remove elements if set backend implements .abort
    https://git.kernel.org/netdev/net-next/c/c9526aeb4998
  - [net-next,6/9] netfilter: move nf_ct_netns_get out of nf_conncount_init
    https://git.kernel.org/netdev/net-next/c/d5283b47e225
  - [net-next,7/9] netfilter: nf_tables: pass context structure to nft_parse_register_load
    https://git.kernel.org/netdev/net-next/c/7ea0522ef81a
  - [net-next,8/9] netfilter: nf_tables: allow loads only when register is initialized
    https://git.kernel.org/netdev/net-next/c/14fb07130c7d
  - [net-next,9/9] netfilter: nf_tables: don't initialize registers in nft_do_chain()
    https://git.kernel.org/netdev/net-next/c/c88baabf16d1

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/core/dev.c b/net/core/dev.c
index e7260889d4cb..8384282acadf 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3386,6 +3386,7 @@  int skb_crc32c_csum_help(struct sk_buff *skb)
 out:
 	return ret;
 }
+EXPORT_SYMBOL(skb_crc32c_csum_help);
 
 __be16 skb_network_protocol(struct sk_buff *skb, int *depth)
 {
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index e0716da256bf..d2773ce9b585 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -540,6 +540,14 @@  static int nfqnl_put_bridge(struct nf_queue_entry *entry, struct sk_buff *skb)
 	return -1;
 }
 
+static int nf_queue_checksum_help(struct sk_buff *entskb)
+{
+	if (skb_csum_is_sctp(entskb))
+		return skb_crc32c_csum_help(entskb);
+
+	return skb_checksum_help(entskb);
+}
+
 static struct sk_buff *
 nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 			   struct nf_queue_entry *entry,
@@ -602,7 +610,7 @@  nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 	case NFQNL_COPY_PACKET:
 		if (!(queue->flags & NFQA_CFG_F_GSO) &&
 		    entskb->ip_summed == CHECKSUM_PARTIAL &&
-		    skb_checksum_help(entskb))
+		    nf_queue_checksum_help(entskb))
 			return NULL;
 
 		data_len = READ_ONCE(queue->copy_range);
@@ -1014,7 +1022,7 @@  nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
 		break;
 	}
 
-	if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(skb))
+	if (!skb_is_gso(skb) || ((queue->flags & NFQA_CFG_F_GSO) && !skb_is_gso_sctp(skb)))
 		return __nfqnl_enqueue_packet(net, queue, entry);
 
 	nf_bridge_adjust_skb_data(skb);