Blame SOURCES/0036-proto-add-sctp-crc32-checksum-fixup.patch

fdae68
From 876a1202351264f6d3b105258f10bde693870bd4 Mon Sep 17 00:00:00 2001
fdae68
From: Phil Sutter <psutter@redhat.com>
fdae68
Date: Mon, 7 Dec 2020 18:27:16 +0100
fdae68
Subject: [PATCH] proto: add sctp crc32 checksum fixup
fdae68
fdae68
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1895804
fdae68
Upstream Status: nftables commit 09a3b2ba0c822
fdae68
fdae68
commit 09a3b2ba0c8228d1c6bf0f030cae97addb397351
fdae68
Author: Florian Westphal <fw@strlen.de>
fdae68
Date:   Tue Oct 6 23:16:32 2020 +0200
fdae68
fdae68
    proto: add sctp crc32 checksum fixup
fdae68
fdae68
    Stateless SCTP header mangling doesn't work reliably.
fdae68
    This tells the kernel to update the checksum field using
fdae68
    the sctp crc32 algorithm.
fdae68
fdae68
    Note that this needs additional kernel support to work.
fdae68
fdae68
    Signed-off-by: Florian Westphal <fw@strlen.de>
fdae68
---
fdae68
 include/linux/netfilter/nf_tables.h | 2 ++
fdae68
 include/proto.h                     | 1 +
fdae68
 src/netlink_linearize.c             | 2 +-
fdae68
 src/proto.c                         | 8 ++++++++
fdae68
 4 files changed, 12 insertions(+), 1 deletion(-)
fdae68
fdae68
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
fdae68
index 9b54a86..1328b8e 100644
fdae68
--- a/include/linux/netfilter/nf_tables.h
fdae68
+++ b/include/linux/netfilter/nf_tables.h
fdae68
@@ -707,10 +707,12 @@ enum nft_payload_bases {
fdae68
  *
fdae68
  * @NFT_PAYLOAD_CSUM_NONE: no checksumming
fdae68
  * @NFT_PAYLOAD_CSUM_INET: internet checksum (RFC 791)
fdae68
+ * @NFT_PAYLOAD_CSUM_SCTP: CRC-32c, for use in SCTP header (RFC 3309)
fdae68
  */
fdae68
 enum nft_payload_csum_types {
fdae68
 	NFT_PAYLOAD_CSUM_NONE,
fdae68
 	NFT_PAYLOAD_CSUM_INET,
fdae68
+	NFT_PAYLOAD_CSUM_SCTP,
fdae68
 };
fdae68
 
fdae68
 enum nft_payload_csum_flags {
fdae68
diff --git a/include/proto.h b/include/proto.h
fdae68
index fab48c1..436cbe3 100644
fdae68
--- a/include/proto.h
fdae68
+++ b/include/proto.h
fdae68
@@ -78,6 +78,7 @@ struct proto_hdr_template {
fdae68
 struct proto_desc {
fdae68
 	const char			*name;
fdae68
 	enum proto_bases		base;
fdae68
+	enum nft_payload_csum_types	checksum_type;
fdae68
 	unsigned int			checksum_key;
fdae68
 	unsigned int			protocol_key;
fdae68
 	unsigned int			length;
fdae68
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
fdae68
index cb1b7fe..606d97a 100644
fdae68
--- a/src/netlink_linearize.c
fdae68
+++ b/src/netlink_linearize.c
fdae68
@@ -937,7 +937,7 @@ static void netlink_gen_payload_stmt(struct netlink_linearize_ctx *ctx,
fdae68
 			   expr->len / BITS_PER_BYTE);
fdae68
 	if (csum_off) {
fdae68
 		nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_CSUM_TYPE,
fdae68
-				   NFT_PAYLOAD_CSUM_INET);
fdae68
+				   desc->checksum_type);
fdae68
 		nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_CSUM_OFFSET,
fdae68
 				   csum_off / BITS_PER_BYTE);
fdae68
 	}
fdae68
diff --git a/src/proto.c b/src/proto.c
fdae68
index 40ce590..8360abf 100644
fdae68
--- a/src/proto.c
fdae68
+++ b/src/proto.c
fdae68
@@ -345,6 +345,7 @@ const struct proto_desc proto_icmp = {
fdae68
 	.name		= "icmp",
fdae68
 	.base		= PROTO_BASE_TRANSPORT_HDR,
fdae68
 	.checksum_key	= ICMPHDR_CHECKSUM,
fdae68
+	.checksum_type  = NFT_PAYLOAD_CSUM_INET,
fdae68
 	.templates	= {
fdae68
 		[ICMPHDR_TYPE]		= ICMPHDR_TYPE("type", &icmp_type_type, type),
fdae68
 		[ICMPHDR_CODE]		= ICMPHDR_TYPE("code", &icmp_code_type, code),
fdae68
@@ -397,6 +398,7 @@ const struct proto_desc proto_igmp = {
fdae68
 	.name		= "igmp",
fdae68
 	.base		= PROTO_BASE_TRANSPORT_HDR,
fdae68
 	.checksum_key	= IGMPHDR_CHECKSUM,
fdae68
+	.checksum_type  = NFT_PAYLOAD_CSUM_INET,
fdae68
 	.templates	= {
fdae68
 		[IGMPHDR_TYPE]		= IGMPHDR_TYPE("type", &igmp_type_type, igmp_type),
fdae68
 		[IGMPHDR_MRT]		= IGMPHDR_FIELD("mrt", igmp_code),
fdae68
@@ -417,6 +419,7 @@ const struct proto_desc proto_udp = {
fdae68
 	.name		= "udp",
fdae68
 	.base		= PROTO_BASE_TRANSPORT_HDR,
fdae68
 	.checksum_key	= UDPHDR_CHECKSUM,
fdae68
+	.checksum_type  = NFT_PAYLOAD_CSUM_INET,
fdae68
 	.templates	= {
fdae68
 		[UDPHDR_SPORT]		= INET_SERVICE("sport", struct udphdr, source),
fdae68
 		[UDPHDR_DPORT]		= INET_SERVICE("dport", struct udphdr, dest),
fdae68
@@ -474,6 +477,7 @@ const struct proto_desc proto_tcp = {
fdae68
 	.name		= "tcp",
fdae68
 	.base		= PROTO_BASE_TRANSPORT_HDR,
fdae68
 	.checksum_key	= TCPHDR_CHECKSUM,
fdae68
+	.checksum_type  = NFT_PAYLOAD_CSUM_INET,
fdae68
 	.templates	= {
fdae68
 		[TCPHDR_SPORT]		= INET_SERVICE("sport", struct tcphdr, source),
fdae68
 		[TCPHDR_DPORT]		= INET_SERVICE("dport", struct tcphdr, dest),
fdae68
@@ -553,6 +557,8 @@ const struct proto_desc proto_dccp = {
fdae68
 const struct proto_desc proto_sctp = {
fdae68
 	.name		= "sctp",
fdae68
 	.base		= PROTO_BASE_TRANSPORT_HDR,
fdae68
+	.checksum_key	= SCTPHDR_CHECKSUM,
fdae68
+	.checksum_type  = NFT_PAYLOAD_CSUM_SCTP,
fdae68
 	.templates	= {
fdae68
 		[SCTPHDR_SPORT]		= INET_SERVICE("sport", struct sctphdr, source),
fdae68
 		[SCTPHDR_DPORT]		= INET_SERVICE("dport", struct sctphdr, dest),
fdae68
@@ -650,6 +656,7 @@ const struct proto_desc proto_ip = {
fdae68
 	.name		= "ip",
fdae68
 	.base		= PROTO_BASE_NETWORK_HDR,
fdae68
 	.checksum_key	= IPHDR_CHECKSUM,
fdae68
+	.checksum_type  = NFT_PAYLOAD_CSUM_INET,
fdae68
 	.protocols	= {
fdae68
 		PROTO_LINK(IPPROTO_ICMP,	&proto_icmp),
fdae68
 		PROTO_LINK(IPPROTO_IGMP,	&proto_igmp),
fdae68
@@ -746,6 +753,7 @@ const struct proto_desc proto_icmp6 = {
fdae68
 	.name		= "icmpv6",
fdae68
 	.base		= PROTO_BASE_TRANSPORT_HDR,
fdae68
 	.checksum_key	= ICMP6HDR_CHECKSUM,
fdae68
+	.checksum_type  = NFT_PAYLOAD_CSUM_INET,
fdae68
 	.templates	= {
fdae68
 		[ICMP6HDR_TYPE]		= ICMP6HDR_TYPE("type", &icmp6_type_type, icmp6_type),
fdae68
 		[ICMP6HDR_CODE]		= ICMP6HDR_TYPE("code", &icmpv6_code_type, icmp6_code),
fdae68
-- 
252916
2.31.1
fdae68