Contributors: 23
| Author |
Tokens |
Token Proportion |
Commits |
Commit Proportion |
| Patrick McHardy |
672 |
48.77% |
11 |
18.97% |
| Pablo Neira Ayuso |
286 |
20.75% |
5 |
8.62% |
| Xin Long |
112 |
8.13% |
4 |
6.90% |
| Florian Westphal |
72 |
5.22% |
7 |
12.07% |
| Bart De Schuymer |
50 |
3.63% |
5 |
8.62% |
| Harald Welte |
48 |
3.48% |
2 |
3.45% |
| Bernhard Thaler |
26 |
1.89% |
1 |
1.72% |
| Arnaldo Carvalho de Melo |
16 |
1.16% |
2 |
3.45% |
| James Morris |
13 |
0.94% |
1 |
1.72% |
| He Zhe |
12 |
0.87% |
1 |
1.72% |
| Al Viro |
10 |
0.73% |
2 |
3.45% |
| David S. Miller |
9 |
0.65% |
3 |
5.17% |
| Eric Leblond |
8 |
0.58% |
1 |
1.72% |
| Gustavo A. R. Silva |
8 |
0.58% |
1 |
1.72% |
| Bandan Das |
7 |
0.51% |
1 |
1.72% |
| Linus Torvalds (pre-git) |
7 |
0.51% |
4 |
6.90% |
| Jason A. Donenfeld |
6 |
0.44% |
1 |
1.72% |
| Shan Wei |
4 |
0.29% |
1 |
1.72% |
| Alexey Dobriyan |
4 |
0.29% |
1 |
1.72% |
| Brian Haley |
3 |
0.22% |
1 |
1.72% |
| Eric W. Biedermann |
2 |
0.15% |
1 |
1.72% |
| Ulrich Weber |
2 |
0.15% |
1 |
1.72% |
| Herbert Xu |
1 |
0.07% |
1 |
1.72% |
| Total |
1378 |
|
58 |
|
// SPDX-License-Identifier: GPL-2.0
#include <linux/kernel.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
#include <net/netfilter/nf_queue.h>
#include <net/ip6_checksum.h>
#ifdef CONFIG_INET
__sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u8 protocol)
{
const struct iphdr *iph = ip_hdr(skb);
__sum16 csum = 0;
switch (skb->ip_summed) {
case CHECKSUM_COMPLETE:
if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN)
break;
if ((protocol != IPPROTO_TCP && protocol != IPPROTO_UDP &&
!csum_fold(skb->csum)) ||
!csum_tcpudp_magic(iph->saddr, iph->daddr,
skb->len - dataoff, protocol,
skb->csum)) {
skb->ip_summed = CHECKSUM_UNNECESSARY;
break;
}
fallthrough;
case CHECKSUM_NONE:
if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP)
skb->csum = 0;
else
skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
skb->len - dataoff,
protocol, 0);
csum = __skb_checksum_complete(skb);
}
return csum;
}
EXPORT_SYMBOL(nf_ip_checksum);
#endif
static __sum16 nf_ip_checksum_partial(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, unsigned int len,
u8 protocol)
{
const struct iphdr *iph = ip_hdr(skb);
__sum16 csum = 0;
switch (skb->ip_summed) {
case CHECKSUM_COMPLETE:
if (len == skb->len - dataoff)
return nf_ip_checksum(skb, hook, dataoff, protocol);
fallthrough;
case CHECKSUM_NONE:
skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr, protocol,
skb->len - dataoff, 0);
skb->ip_summed = CHECKSUM_NONE;
return __skb_checksum_complete_head(skb, dataoff + len);
}
return csum;
}
__sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u8 protocol)
{
const struct ipv6hdr *ip6h = ipv6_hdr(skb);
__sum16 csum = 0;
switch (skb->ip_summed) {
case CHECKSUM_COMPLETE:
if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN)
break;
if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
skb->len - dataoff, protocol,
csum_sub(skb->csum,
skb_checksum(skb, 0,
dataoff, 0)))) {
skb->ip_summed = CHECKSUM_UNNECESSARY;
break;
}
fallthrough;
case CHECKSUM_NONE:
skb->csum = ~csum_unfold(
csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
skb->len - dataoff,
protocol,
csum_sub(0,
skb_checksum(skb, 0,
dataoff, 0))));
csum = __skb_checksum_complete(skb);
}
return csum;
}
EXPORT_SYMBOL(nf_ip6_checksum);
static __sum16 nf_ip6_checksum_partial(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, unsigned int len,
u8 protocol)
{
const struct ipv6hdr *ip6h = ipv6_hdr(skb);
__wsum hsum;
__sum16 csum = 0;
switch (skb->ip_summed) {
case CHECKSUM_COMPLETE:
if (len == skb->len - dataoff)
return nf_ip6_checksum(skb, hook, dataoff, protocol);
fallthrough;
case CHECKSUM_NONE:
hsum = skb_checksum(skb, 0, dataoff, 0);
skb->csum = ~csum_unfold(csum_ipv6_magic(&ip6h->saddr,
&ip6h->daddr,
skb->len - dataoff,
protocol,
csum_sub(0, hsum)));
skb->ip_summed = CHECKSUM_NONE;
return __skb_checksum_complete_head(skb, dataoff + len);
}
return csum;
};
__sum16 nf_checksum(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, u8 protocol,
unsigned short family)
{
__sum16 csum = 0;
switch (family) {
case AF_INET:
csum = nf_ip_checksum(skb, hook, dataoff, protocol);
break;
case AF_INET6:
csum = nf_ip6_checksum(skb, hook, dataoff, protocol);
break;
}
return csum;
}
EXPORT_SYMBOL_GPL(nf_checksum);
__sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
unsigned int dataoff, unsigned int len,
u8 protocol, unsigned short family)
{
__sum16 csum = 0;
switch (family) {
case AF_INET:
csum = nf_ip_checksum_partial(skb, hook, dataoff, len,
protocol);
break;
case AF_INET6:
csum = nf_ip6_checksum_partial(skb, hook, dataoff, len,
protocol);
break;
}
return csum;
}
EXPORT_SYMBOL_GPL(nf_checksum_partial);
int nf_route(struct net *net, struct dst_entry **dst, struct flowi *fl,
bool strict, unsigned short family)
{
const struct nf_ipv6_ops *v6ops __maybe_unused;
int ret = 0;
switch (family) {
case AF_INET:
ret = nf_ip_route(net, dst, fl, strict);
break;
case AF_INET6:
ret = nf_ip6_route(net, dst, fl, strict);
break;
}
return ret;
}
EXPORT_SYMBOL_GPL(nf_route);
static int nf_ip_reroute(struct sk_buff *skb, const struct nf_queue_entry *entry)
{
#ifdef CONFIG_INET
const struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry);
if (entry->state.hook == NF_INET_LOCAL_OUT) {
const struct iphdr *iph = ip_hdr(skb);
if (!(iph->tos == rt_info->tos &&
skb->mark == rt_info->mark &&
iph->daddr == rt_info->daddr &&
iph->saddr == rt_info->saddr))
return ip_route_me_harder(entry->state.net, entry->state.sk,
skb, RTN_UNSPEC);
}
#endif
return 0;
}
int nf_reroute(struct sk_buff *skb, struct nf_queue_entry *entry)
{
const struct nf_ipv6_ops *v6ops;
int ret = 0;
switch (entry->state.pf) {
case AF_INET:
ret = nf_ip_reroute(skb, entry);
break;
case AF_INET6:
v6ops = rcu_dereference(nf_ipv6_ops);
if (v6ops)
ret = v6ops->reroute(skb, entry);
break;
}
return ret;
}
/* Only get and check the lengths, not do any hop-by-hop stuff. */
int nf_ip6_check_hbh_len(struct sk_buff *skb, u32 *plen)
{
int len, off = sizeof(struct ipv6hdr);
unsigned char *nh;
if (!pskb_may_pull(skb, off + 8))
return -ENOMEM;
nh = (unsigned char *)(ipv6_hdr(skb) + 1);
len = (nh[1] + 1) << 3;
if (!pskb_may_pull(skb, off + len))
return -ENOMEM;
nh = skb_network_header(skb);
off += 2;
len -= 2;
while (len > 0) {
int optlen;
if (nh[off] == IPV6_TLV_PAD1) {
off++;
len--;
continue;
}
if (len < 2)
return -EBADMSG;
optlen = nh[off + 1] + 2;
if (optlen > len)
return -EBADMSG;
if (nh[off] == IPV6_TLV_JUMBO) {
u32 pkt_len;
if (nh[off + 1] != 4 || (off & 3) != 2)
return -EBADMSG;
pkt_len = ntohl(*(__be32 *)(nh + off + 2));
if (pkt_len <= IPV6_MAXPLEN ||
ipv6_hdr(skb)->payload_len)
return -EBADMSG;
if (pkt_len > skb->len - sizeof(struct ipv6hdr))
return -EBADMSG;
*plen = pkt_len;
}
off += optlen;
len -= optlen;
}
return len ? -EBADMSG : 0;
}
EXPORT_SYMBOL_GPL(nf_ip6_check_hbh_len);