Eric Lee / smarc-fsl-linux-kernel

02 Jul, 2017

1 commit

  • ae146d9b7   sctp: remove the typedef sctp_sctphdr_t ... Browse Code »

    This patch is to remove the typedef sctp_sctphdr_t, and replace
    with struct sctphdr in the places where it's using this typedef.

    It is also to fix some indents and use sizeof(variable) instead
    of sizeof(type).

    Signed-off-by: Xin Long
    Signed-off-by: David S. Miller

    Xin Long
     

09 Mar, 2017

1 commit

  • 8e05ba7f8   netfilter: nf_nat_sctp: fix ICMP packet to be dropped accidently ... Browse Code »

    Regarding RFC 792, the first 64 bits of the original SCTP datagram's
    data could be contained in ICMP packet, such as:

    0 1 2 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Type | Code | Checksum |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | unused |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Internet Header + 64 bits of Original Data Datagram |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    However, according to RFC 4960, SCTP datagram header is as below:

    0 1 2 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Source Port Number | Destination Port Number |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Verification Tag |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Checksum |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    It means only the first three fields of SCTP header can be carried in
    ICMP packet except for Checksum field.

    At present in sctp_manip_pkt(), no matter whether the packet is ICMP or
    not, it always calculates SCTP packet checksum. However, not only the
    calculation of checksum is unnecessary for ICMP, but also it causes
    another fatal issue that ICMP packet is dropped. The header size of
    SCTP is used to identify whether the writeable length of skb is bigger
    than skb->len through skb_make_writable() in sctp_manip_pkt(). But
    when it deals with ICMP packet, skb_make_writable() directly returns
    false as the writeable length of skb is bigger than skb->len.
    Subsequently ICMP is dropped.

    Now we correct this misbahavior. When sctp_manip_pkt() handles ICMP
    packet, 8 bytes rather than the whole SCTP header size is used to check
    if writeable length of skb is overflowed. Meanwhile, as it's meaningless
    to calculate checksum when packet is ICMP, the computation of checksum
    is ignored as well.

    Signed-off-by: Ying Xue
    Signed-off-by: Pablo Neira Ayuso

    Ying Xue
     

07 Dec, 2016

1 commit

  • 3189a290f   netfilter: nat: skip checksum on offload SCTP packets ... Browse Code »

    SCTP GSO and hardware can do CRC32c computation after netfilter processing,
    so we can avoid calling sctp_compute_checksum() on skb if skb->ip_summed
    is equal to CHECKSUM_PARTIAL. Moreover, set skb->ip_summed to CHECKSUM_NONE
    when the NAT code computes the CRC, to prevent offloaders from computing
    it again (on ixgbe this resulted in a transmission with wrong L4 checksum).

    Signed-off-by: Davide Caratti
    Signed-off-by: Pablo Neira Ayuso

    Davide Caratti
     

05 Dec, 2016

1 commit

  • 7a2dd28c7   netfilter: built-in NAT support for SCTP ... Browse Code »

    CONFIG_NF_NAT_PROTO_SCTP is no more a tristate. When set to y, NAT
    support for SCTP protocol is built-in into nf_nat.ko.

    footprint test:

    (nf_nat_proto_) | sctp || nf_nat
    --------------------------+--------++--------
    no builtin | 428344 || 2241312
    SCTP builtin | - || 2597032

    Signed-off-by: Davide Caratti
    Signed-off-by: Pablo Neira Ayuso

    Davide Caratti
     

30 Jun, 2014

1 commit

  • 24de3d377   netfilter: use IS_ENABLED() macro ... Browse Code »

    replace:
    #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
    with
    #if IS_ENABLED(CONFIG_NF_CT_NETLINK)

    replace:
    #if !defined(CONFIG_NF_NAT) && !defined(CONFIG_NF_NAT_MODULE)
    with
    #if !IS_ENABLED(CONFIG_NF_NAT)

    replace:
    #if !defined(CONFIG_NF_CONNTRACK) && !defined(CONFIG_NF_CONNTRACK_MODULE)
    with
    #if !IS_ENABLED(CONFIG_NF_CONNTRACK)

    And add missing:
    IS_ENABLED(CONFIG_NF_CT_NETLINK)

    in net/ipv{4,6}/netfilter/nf_nat_l3proto_ipv{4,6}.c

    Signed-off-by: Duan Jiong
    Signed-off-by: Pablo Neira Ayuso

    Duan Jiong
     

28 Jul, 2013

1 commit

30 Apr, 2013

1 commit

  • eee1d5a14   sctp: Correct type and usage of sctp_end_cksum() ... Browse Code »

    Change the type of the crc32 parameter of sctp_end_cksum()
    from __be32 to __u32 to reflect that fact that it is passed
    to cpu_to_le32().

    There are five in-tree users of sctp_end_cksum().
    The following four had warnings flagged by sparse which are
    no longer present with this change.

    net/netfilter/ipvs/ip_vs_proto_sctp.c:sctp_nat_csum()
    net/netfilter/ipvs/ip_vs_proto_sctp.c:sctp_csum_check()
    net/sctp/input.c:sctp_rcv_checksum()
    net/sctp/output.c:sctp_packet_transmit()

    The fifth user is net/netfilter/nf_nat_proto_sctp.c:sctp_manip_pkt().
    It has been updated to pass a __u32 instead of a __be32,
    the value in question was already calculated in cpu byte-order.

    net/netfilter/nf_nat_proto_sctp.c:sctp_manip_pkt() has also
    been updated to assign the return value of sctp_end_cksum()
    directly to a variable of type __le32, matching the
    type of the return value. Previously the return value
    was assigned to a variable of type __be32 and then that variable
    was finally assigned to another variable of type __le32.

    Problems flagged by sparse.
    Compile and sparse tested only.

    Signed-off-by: Simon Horman
    Signed-off-by: Pablo Neira Ayuso

    Simon Horman
     

30 Aug, 2012

1 commit