xref: /linux/include/net/netfilter/nf_reject.h (revision 908fc4c2)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _NF_REJECT_H
3 #define _NF_REJECT_H
4 
5 #include <linux/types.h>
6 #include <uapi/linux/in.h>
7 
/**
 * nf_reject_verify_csum - say whether a packet's checksum is to be verified
 * @skb: packet buffer the transport header is read from
 * @dataoff: offset in @skb at which the transport header is read
 * @proto: IP protocol number selecting the rule applied below
 *
 * Verification only makes sense for protocols that use a 16-bit one's
 * complement checksum of the entire payload; the protocols listed below
 * are skipped.
 *
 * NOTE(review): presumably the reject code consults this before it builds
 * a reply, so that replies are not generated for corrupted packets.
 * Confirm against the callers, which are not visible here.
 *
 * Return: true when the checksum should be verified, false when it should
 * be skipped for this protocol.
 */
static inline bool nf_reject_verify_csum(struct sk_buff *skb, int dataoff,
					  __u8 proto)
{
	/* UDP: the checksum is optional, so the header has to be inspected. */
	if (proto == IPPROTO_UDP) {
		struct udphdr hdr_buf;
		const struct udphdr *uh;

		uh = skb_header_pointer(skb, dataoff, sizeof(hdr_buf),
					&hdr_buf);

		/* An unreadable header yields true, so a truncated datagram
		 * is not exempted from verification; a readable header asks
		 * for verification only when its checksum field is non-zero.
		 */
		return !uh || uh->check;
	}

	switch (proto) {
	/* Optional checksum. */
	case IPPROTO_GRE:
	/* Integrity is provided by other means. */
	case IPPROTO_AH:
	case IPPROTO_ESP:
	case IPPROTO_SCTP:
	/* Checksum covers only part of the packet. */
	case IPPROTO_UDPLITE:
	case IPPROTO_DCCP:
		return false;
	default:
		/* Every other protocol: verify. */
		return true;
	}
}
42 
43 #endif /* _NF_REJECT_H */
44