On Wed, Aug 22, 2018 at 11:33:27AM +0200, Florian Westphal wrote: > Satish Patel reports a skb_warn_bad_offload() splat caused > by -j CHECKSUM rules: > > -A POSTROUTING -p tcp -m tcp --sport 80 -j CHECKSUM > > The CHECKSUM target has never worked with GSO skbs, and the above rule > makes no sense as kernel will handle checksum updates on transmit. > > Unfortunately, there are 3rd party tools that install such rules, so we > cannot reject this from the config plane without potential breakage. > > Amend Kconfig text to clarify that the CHECKSUM target is only useful > in virtualized environments, where old dhcp clients that use AF_PACKET > used to discard UDP packets with a 'bad' header checksum and add a > one-time warning in case such rule isn't restricted to UDP. > > v2: check IP6T_F_PROTO flag before cmp (Michal Kubecek) Applied, thanks.
