netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Developers please read: changes in Netfilter.

from [James Morris] [Permanent Link][Original]
To: netfilter-devel@xxxxxxxxxxxxxxxxxxx
Subject: Developers please read: changes in Netfilter.
From: James Morris <jmorris@xxxxxxxxxx>
Date: Fri, 4 Jun 2004 19:55:57 -0400 (EDT)
Cc: netdev@xxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx 
Netfilter developers should be aware of a changeset now merged into Linus'
bk tree.  A section of code in nf_hook_slow() which invalidates hardware
checksums and recalculates them on output paths has been removed and
pushed up to the Netfilter components which actually mangle packets (e.g.
NAT).

What this means is that any new code, or out of tree code (e.g. POM) needs
to be reviewed to ensure that it handles hardware checksumming correctly
itself, as the netfilter core code no longer does this.  (Although note 
that NAT targets/helpers are covered automatically).

Briefly, what needs to be done is: before mangling a packet in a way which
might affect the TCP or UDP checksum, if the packet has hardware
checksumming enabled, call skb_checksum_help().

For more details & code examples, refer to the changeset info:
<http://linux.bkbits.net:8080/linux-2.5/cset@40c002854YGOfqN8yOMFH8gC2xarLw?nav=index.html|ChangeSet@-1d>
<http://linux.bkbits.net:8080/linux-2.5/cset@40c0e261NUNg6uPWlw-lTjG5StoDwQ?nav=index.html|ChangeSet@-1d>



- James
-- 
James Morris
<jmorris@xxxxxxxxxx>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Developers please read: changes in Netfilter., James Morris <=
Previous by Date:  [PATCH] common code for generating tcp_info, Stephen Hemminger
Next by Date:  Re: [PATCH] common code for generating tcp_info, David S. Miller
Previous by Thread:  [PATCH] common code for generating tcp_info, Stephen Hemminger
Next by Thread:  [NETDRV] Fix netdev leak on probe failure in 3c527, Herbert Xu
Indexes:  [Date] [Thread] [Top] [All Lists]