James Morris wrote:
On Sun, 15 Feb 2004, Mika Penttilä wrote:
James Morris wrote:
On Sat, 14 Feb 2004, Mika Penttilä wrote:
This is unneeded overhead for the common case. The right fix is to make
sure the modifier (netfilter etc) makes the copy if needed. Actually,
this is what skb_ip_make_writable() is doing.
The common case here will be only for locally generated multicast and
broadcast packets.
If the netfilter core code is modified instead, we will end up adding
skb_ip_make_writable() to nf_hook_slow() which will be called for every
packet with an output device which uses hardware checksums.
Not sure which is worse, but here's a proposed patch which does this.
- James
I don't see the context here. Where is the packet mangled? Why isn't
that instance doing skb_ip_make_writable()? selinux? Not everyone
generating locally multicast/broadcast packets is using selinux...
[my previous post didn't seem to make it to the list, newer patch is
attached below again]
The packet is mangled in skb_checksum_help(), which is called by the
Netfilter core code. It is not being mangled by SELinux.
- James
skb_checksum_help() updates skb->ip_summed to CHECKSUM_NONE in the
original skb, and this should be seen by the driver. With your change
the checksum is calculated twice, once for the looping back packet, and
once for the outgoing.
--Mika
|