author | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2007-05-24 11:32:53 +0000 |
---|---|---|
committer | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2007-05-24 11:32:53 +0000 |
commit | bc91f60fc288fe1fd0729f7bafe0596837c3e675 (patch) | |
tree | 5e36e8e4c64295ab5d9a30e8625358f2c6a876d7 | |
parent | eaae45fa65fdb559b5442dfe2da05a808c5c57ba (diff) | |
download | conntrack-tools-bc91f60fc288fe1fd0729f7bafe0596837c3e675.tar.gz conntrack-tools-bc91f60fc288fe1fd0729f7bafe0596837c3e675.zip |
simplify checksum code: use UDP/multicast checksum facilities
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | include/mcast.h | 1 | ||||
-rw-r--r-- | include/network.h | 1 | ||||
-rw-r--r-- | src/Makefile.am | 2 | ||||
-rw-r--r-- | src/checksum.c | 32 | ||||
-rw-r--r-- | src/mcast.c | 8 | ||||
-rw-r--r-- | src/network.c | 33 | ||||
-rw-r--r-- | src/read_config_yy.y | 3 |
8 files changed, 19 insertions, 69 deletions
@@ -1,4 +1,10 @@ -version 0.9.3 (yet unreleased) +version 0.9.4 (yet unreleased) +------------------------------ + += conntrackd = +o simplify checksum code: use UDP/multicast checksum facilities + +version 0.9.3 (2006/05/22) ------------------------------ = conntrackd = diff --git a/include/mcast.h b/include/mcast.h index 0f3e3cd..be1d0cd 100644 --- a/include/mcast.h +++ b/include/mcast.h @@ -7,6 +7,7 @@ struct mcast_conf { int ipproto; int backlog; int reuseaddr; + int checksum; unsigned short port; union { struct in_addr inet_addr; diff --git a/include/network.h b/include/network.h index dab50db..176274e 100644 --- a/include/network.h +++ b/include/network.h @@ -5,7 +5,6 @@ struct nlnetwork { u_int16_t flags; - u_int16_t checksum; u_int32_t seq; }; diff --git a/src/Makefile.am b/src/Makefile.am index 381f8ac..a67e09a 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -16,7 +16,7 @@ conntrackd_SOURCES = alarm.c main.c run.c hash.c buffer.c \ cache_lifetime.c cache_timer.c \ sync-mode.c sync-notrack.c sync-nack.c \ traffic_stats.c stats-mode.c \ - network.c checksum.c \ + network.c \ state_helper.c state_helper_tcp.c \ read_config_yy.y read_config_lex.l diff --git a/src/checksum.c b/src/checksum.c deleted file mode 100644 index 41866ff..0000000 --- a/src/checksum.c +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Extracted from RFC 1071 with some minor changes to fix compilation on GCC, - * this can probably be improved - * --pablo 11/feb/07 - */ - -#include <conntrackd.h> - -unsigned short do_csum(const void *addr, unsigned int count) -{ - unsigned int sum = 0; - - /* checksumming disabled, just skip */ - if (CONFIG(flags) & DONT_CHECKSUM) - return 0; - - while(count > 1) { - /* This is the inner loop */ - sum += *((unsigned short *) addr++); - count -= 2; - } - - /* Add left-over byte, if any */ - if(count > 0) - sum += *((unsigned char *) addr); - - /* Fold 32-bit sum to 16 bits */ - while (sum>>16) - sum = (sum & 0xffff) + (sum >> 16); - - return ~sum; -} 
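Review bot: Removing `u_int16_t checksum;` from `struct nlnetwork` in include/network.h leaves a two-byte hole between `flags` and `seq` on any ABI that aligns `u_int32_t` to four bytes, unless the struct is packed somewhere outside this hunk. The send paths in src/network.c used to write `net->checksum = 0;` before filling the field, so after this commit those two bytes appear to go out on the multicast socket with whatever the send buffer last held. Keeping an explicit member, `u_int16_t pad; /* reserved, sent as zero */`, and setting it to 0 where the checksum used to be cleared would keep the wire layout deliberate and avoid transmitting stale memory. Whether callers already zero the buffer is not visible here and should be confirmed.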
diff --git a/src/mcast.c b/src/mcast.c index 9904544..85992fb 100644 --- a/src/mcast.c +++ b/src/mcast.c @@ -192,6 +192,14 @@ struct mcast_sock *mcast_client_create(struct mcast_conf *conf) return NULL; } + if (setsockopt(m->fd, SOL_SOCKET, SO_NO_CHECK, &conf->checksum, + sizeof(int)) == -1) { + debug("mcast_sock_client_create:setsockopt1"); + close(m->fd); + free(m); + return NULL; + } + switch(conf->ipproto) { case AF_INET: ret = __mcast_client_create_ipv4(m, conf); diff --git a/src/network.c b/src/network.c index 51e89c7..d073428 100644 --- a/src/network.c +++ b/src/network.c @@ -60,9 +60,6 @@ int mcast_send_netmsg(struct mcast_sock *m, void *data) if (nlh_host2network(nlh) == -1) return -1; - net->checksum = 0; - net->checksum = ntohs(do_csum(data, len)); - return send_netmsg(m, data, len); } @@ -87,8 +84,6 @@ int mcast_resend_netmsg(struct mcast_sock *m, void *data) net->flags = htons(net->flags); net->seq = htonl(cur_seq++); - net->checksum = 0; - net->checksum = ntohs(do_csum(data, len)); return send_netmsg(m, data, len); } @@ -113,29 +108,10 @@ int mcast_send_error(struct mcast_sock *m, void *data) net->flags = htons(net->flags); net->seq = htonl(cur_seq++); - net->checksum = 0; - net->checksum = ntohs(do_csum(data, len)); return send_netmsg(m, data, len); } -static int valid_checksum(void *data, unsigned int len) -{ - struct nlnetwork *net = data; - unsigned short checksum, tmp; - - checksum = ntohs(net->checksum); - - /* no checksum, skip */ - if (!checksum) - return 1; - - net->checksum = 0; - tmp = do_csum(data, len); - - return tmp == checksum; -} - int mcast_recv_netmsg(struct mcast_sock *m, void *data, int len) { int ret; @@ -161,9 +137,6 @@ int mcast_recv_netmsg(struct mcast_sock *m, void *data, int len) if (ret < sizeof(struct nlnetwork_ack)) return -1; - if (!valid_checksum(data, ret)) - return -1; - /* host byte order conversion */ net->flags = ntohs(net->flags); net->seq = ntohl(net->seq); 
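Review bot: The new `setsockopt(m->fd, SOL_SOCKET, SO_NO_CHECK, ...)` call in mcast_client_create sits before `switch(conf->ipproto)`, so it is applied to every address family, including IPv6, where UDP checksums are mandatory and the option most likely has no effect. A configuration that turns checksums off would then be accepted but silently not honoured. The call also runs when `conf->checksum` is 0, where a failure aborts socket creation although nothing needed changing; guarding it with `if (conf->checksum && conf->ipproto == AF_INET)` keeps it to the case it is meant for, and `sizeof(conf->checksum)` is safer than `sizeof(int)` if the field type ever changes. Like the removed RFC 1071 code, the UDP checksum only catches accidental corruption and says nothing about who sent a sync message, which is worth stating where the option is documented. The function starts and ends outside the hunk.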
@@ -176,9 +149,6 @@ int mcast_recv_netmsg(struct mcast_sock *m, void *data, int len) } if (ntohs(net->flags) & NET_RESYNC) { - if (!valid_checksum(data, ret)) - return -1; - /* host byte order conversion */ net->flags = ntohs(net->flags); net->seq = ntohl(net->seq); @@ -209,9 +179,6 @@ int mcast_recv_netmsg(struct mcast_sock *m, void *data, int len) if (nfhdr->version != NFNETLINK_V0) return -1; - if (!valid_checksum(data, ret)) - return -1; - /* host byte order conversion */ net->flags = ntohs(net->flags); net->seq = ntohl(net->seq); diff --git a/src/read_config_yy.y b/src/read_config_yy.y index 1668919..988b540 100644 --- a/src/read_config_yy.y +++ b/src/read_config_yy.y @@ -104,11 +104,12 @@ timeout: T_TIMEOUT T_NUMBER checksum: T_CHECKSUM T_ON { + conf.mcast.checksum = 0; }; checksum: T_CHECKSUM T_OFF { - conf.flags |= DONT_CHECKSUM; + conf.mcast.checksum = 1; }; ignore_traffic : T_IGNORE_TRAFFIC '{' ignore_traffic_options '}'; |
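Review bot: In src/read_config_yy.y the field name and its value point in opposite directions: the `T_CHECKSUM T_ON` rule stores `conf.mcast.checksum = 0` and the `T_CHECKSUM T_OFF` rule stores 1, because src/mcast.c hands the value straight to `SO_NO_CHECK`. A later `if (conf.mcast.checksum)` would read as "checksums enabled" and mean the reverse, which is an easy way to disable the only corruption check on sync traffic by accident. Either rename the member (for example `no_checksum`) or document it where it is declared in include/mcast.h: `int checksum; /* SO_NO_CHECK value: 0 = UDP checksum on, 1 = off */`. The value used when neither rule fires depends on how `conf` is initialised, which these hunks do not show.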