From 6c7b3366eae8a912c56d1940ba221a1d7f8eb680 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Fri, 26 Apr 2013 10:21:16 +0200 Subject: src: add new GSO handling capabilities allows userspace to ask for large gso packets via nfqueue. Signed-off-by: Florian Westphal --- src/libnetfilter_queue.c | 17 +++++++++++++++++ src/nlmsg.c | 2 ++ 2 files changed, 19 insertions(+) (limited to 'src') diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c index 2894ccd..c59bc63 100644 --- a/src/libnetfilter_queue.c +++ b/src/libnetfilter_queue.c @@ -639,6 +639,23 @@ int nfq_set_mode(struct nfq_q_handle *qh, * - NFQA_CFG_F_CONNTRACK (requires Linux kernel >= 3.6): the kernel will * include the Connection Tracking system information. * + * - NFQA_CFG_F_GSO (requires Linux kernel >= 3.10): the kernel will + * not normalize offload packets, i.e. your application will need to + * be able to handle packets larger than the mtu (up to 64k). + * + * If your application validates checksums (e.g., tcp checksum), + * then you must also check if the NFQA_SKB_INFO attribute is present. + * If it is, you need to test the NFQA_SKB_CSUMNOTREADY bit: + * \verbatim + if (attr[NFQA_SKB_INFO]) { + uint32_t info = ntohl(mnl_attr_get_u32(attr[NFQA_SKB_INFO])); + if (info & NFQA_SKB_CSUMNOTREADY) + validate_checksums = false; + } +\endverbatim + * if this bit is set, the layer 3/4 checksums of the packet appear incorrect, + * but are not (because they will be corrected later by the kernel). + * * Here's a little code snippet to show how to use this API: * \verbatim uint32_t flags = NFQA_CFG_F_FAIL_OPEN; diff --git a/src/nlmsg.c b/src/nlmsg.c index 6c4a139..e7a30e0 100644 --- a/src/nlmsg.c +++ b/src/nlmsg.c @@ -132,6 +132,8 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data) case NFQA_IFINDEX_OUTDEV: case NFQA_IFINDEX_PHYSINDEV: case NFQA_IFINDEX_PHYSOUTDEV: + case NFQA_CAP_LEN: + case NFQA_SKB_INFO: if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) return MNL_CB_ERROR; break; -- cgit v1.2.3