ia64/xen-unstable

view patches/linux-2.6.16/net-csum.patch @ 9828:1020c52c58c1

The Xen checksum offload feature attempts to insert a TCP/UDP
checksums into already encrypted packets (esp4) in dom0. Obviously,
it is not possible to insert a checksum into an already encrypted
packet, so this patch inserts the checksum prior to encrypting
packets in net/ipv4/xfrm4_output.c.

To do this cleanly, the TCP/UDP header pointers need to be pointed to
the correct spot, so this functionality has been abstracted into a new
function.

This patch fixes bug 143 (verified by Jim Dykman). Earlier version
verified by Jon McCune.

Signed-off-by: James Dykman <dykman@us.ibm.com>
Signed-off-by: Jon Mason <jdmason@us.ibm.com>
author kaf24@firebug.cl.cam.ac.uk
date Sat Apr 22 10:41:53 2006 +0100 (2006-04-22)
parents b64ac7e90ac6
children
line source
1 diff -pruN ../pristine-linux-2.6.16/net/ipv4/netfilter/ip_nat_proto_tcp.c ./net/ipv4/netfilter/ip_nat_proto_tcp.c
2 --- ../pristine-linux-2.6.16/net/ipv4/netfilter/ip_nat_proto_tcp.c 2006-03-20 05:53:29.000000000 +0000
3 +++ ./net/ipv4/netfilter/ip_nat_proto_tcp.c 2006-03-20 19:38:19.000000000 +0000
4 @@ -129,10 +129,14 @@ tcp_manip_pkt(struct sk_buff **pskb,
5 if (hdrsize < sizeof(*hdr))
6 return 1;
8 - hdr->check = ip_nat_cheat_check(~oldip, newip,
9 + if ((*pskb)->proto_csum_blank) {
10 + hdr->check = ip_nat_cheat_check(oldip, ~newip, hdr->check);
11 + } else {
12 + hdr->check = ip_nat_cheat_check(~oldip, newip,
13 ip_nat_cheat_check(oldport ^ 0xFFFF,
14 newport,
15 hdr->check));
16 + }
17 return 1;
18 }
20 diff -pruN ../pristine-linux-2.6.16/net/ipv4/netfilter/ip_nat_proto_udp.c ./net/ipv4/netfilter/ip_nat_proto_udp.c
21 --- ../pristine-linux-2.6.16/net/ipv4/netfilter/ip_nat_proto_udp.c 2006-03-20 05:53:29.000000000 +0000
22 +++ ./net/ipv4/netfilter/ip_nat_proto_udp.c 2006-03-20 19:38:19.000000000 +0000
23 @@ -113,11 +113,16 @@ udp_manip_pkt(struct sk_buff **pskb,
24 newport = tuple->dst.u.udp.port;
25 portptr = &hdr->dest;
26 }
27 - if (hdr->check) /* 0 is a special case meaning no checksum */
28 - hdr->check = ip_nat_cheat_check(~oldip, newip,
29 + if (hdr->check) { /* 0 is a special case meaning no checksum */
30 + if ((*pskb)->proto_csum_blank) {
31 + hdr->check = ip_nat_cheat_check(oldip, ~newip, hdr->check);
32 + } else {
33 + hdr->check = ip_nat_cheat_check(~oldip, newip,
34 ip_nat_cheat_check(*portptr ^ 0xFFFF,
35 newport,
36 hdr->check));
37 + }
38 + }
39 *portptr = newport;
40 return 1;
41 }
42 diff -r 601fa226a761 net/ipv4/xfrm4_output.c
43 --- a/net/ipv4/xfrm4_output.c Wed Apr 19 18:52:30 2006
44 +++ b/net/ipv4/xfrm4_output.c Thu Apr 20 15:49:40 2006
45 @@ -16,6 +16,8 @@
46 #include <net/ip.h>
47 #include <net/xfrm.h>
48 #include <net/icmp.h>
49 +
50 +extern int skb_checksum_setup(struct sk_buff *skb);
52 /* Add encapsulation header.
53 *
54 @@ -103,6 +105,10 @@
55 struct xfrm_state *x = dst->xfrm;
56 int err;
58 + err = skb_checksum_setup(skb);
59 + if (err)
60 + goto error_nolock;
61 +
62 if (skb->ip_summed == CHECKSUM_HW) {
63 err = skb_checksum_help(skb, 0);
64 if (err)