netdev
[Top] [All Lists]

Developers please read: changes in Netfilter.

To: netfilter-devel@xxxxxxxxxxxxxxxxxxx
Subject: Developers please read: changes in Netfilter.
From: James Morris <jmorris@xxxxxxxxxx>
Date: Fri, 4 Jun 2004 19:55:57 -0400 (EDT)
Cc: netdev@xxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
Netfilter developers should be aware of a changeset now merged into Linus'
bk tree.  A section of code in nf_hook_slow() which invalidates hardware
checksums and recalculates them on output paths has been removed and
pushed up to the Netfilter components which actually mangle packets (e.g.
NAT).

What this means is that any new code, or out of tree code (e.g. POM) needs
to be reviewed to ensure that it handles hardware checksumming correctly
itself, as the netfilter core code no longer does this.  (Although note 
that NAT targets/helpers are covered automatically).

Briefly, what needs to be done is: before mangling a packet in a way which
might affect the TCP or UDP checksum, if the packet has hardware
checksumming enabled, call skb_checksum_help().

For more details & code examples, refer to the changeset info:
<http://linux.bkbits.net:8080/linux-2.5/cset@40c002854YGOfqN8yOMFH8gC2xarLw?nav=index.html|ChangeSet@-1d>
<http://linux.bkbits.net:8080/linux-2.5/cset@40c0e261NUNg6uPWlw-lTjG5StoDwQ?nav=index.html|ChangeSet@-1d>



- James
-- 
James Morris
<jmorris@xxxxxxxxxx>



<Prev in Thread] Current Thread [Next in Thread>
  • Developers please read: changes in Netfilter., James Morris <=