netfilter: nftables: allow re-computing sctp CRC-32C in 'payload' statements

nftables payload statements are used to mangle SCTP headers, but they can only replace the Internet Checksum. As a consequence, nftables rules that mangle sport/dport/vtag in SCTP headers potentially generate packets that are discarded by the receiver, unless the CRC-32C is "offloaded" (e.g the rule mangles a skb having 'ip_summed' equal to 'CHECKSUM_PARTIAL'. Fix this extending uAPI definitions and L4 checksum update function, in a way that userspace programs (e.g. nft) can instruct the kernel to compute CRC-32C in SCTP headers. Also ensure that LIBCRC32C is built if NF_TABLES is 'y' or 'm' in the kernel build configuration. Signed-off-by: Davide Caratti <dcaratti@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Davide Caratti <dcaratti@redhat.com> 2020-10-15 18:39:27 +0200
committer: Jakub Kicinski <kuba@kernel.org> 2020-10-15 11:45:19 -0700
commit: 346e320cb2103edef709c4466a29140c4a8e527a (patch)
tree: 405af21ad80b77a0bfda44fa68bbf92051c9c979 /net/netfilter/Kconfig
parent: 54086c5a7f159749bc521706bae329cbce3971e9 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 25313c29d799..52370211e46b 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -441,6 +441,7 @@ endif # NF_CONNTRACK
 
 config NF_TABLES
 	select NETFILTER_NETLINK
+	select LIBCRC32C
 	tristate "Netfilter nf_tables support"
 	help
 	  nftables is the new packet classification framework that intends to
author	Davide Caratti <dcaratti@redhat.com>	2020-10-15 18:39:27 +0200
committer	Jakub Kicinski <kuba@kernel.org>	2020-10-15 11:45:19 -0700
commit	346e320cb2103edef709c4466a29140c4a8e527a (patch)
tree	405af21ad80b77a0bfda44fa68bbf92051c9c979 /net/netfilter/Kconfig
parent	54086c5a7f159749bc521706bae329cbce3971e9 (diff)