[PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16().

Praveen Chaudhary <praveen5582@xxxxxxxxx> · Wed, 6 Nov 2019 14:52:09 -0800

skb->csum is updated incorrectly, when manipulation for NF_NAT_MANIP_SRC\DST
is done on IPV6 packet.

Fix:
No need to update skb->csum in function inet_proto_csum_replace16(), even if
skb->ip_summed == CHECKSUM_COMPLETE, because change in L4 header checksum field
and change in IPV6 header cancels each other for skb->csum calculation.

Signed-off-by: Praveen Chaudhary <pchaudhary@xxxxxxxxxxxx>
Signed-off-by: Zhenggen Xu <zxu@xxxxxxxxxxxx>
Signed-off-by: Andy Stracner <astracner@xxxxxxxxxxxx>

Reviewed-by: Florian Westphal <fw@xxxxxxxxx>
---
Changes in V2.
1.) Updating diff as per email discussion with Florian Westphal.
    Since inet_proto_csum_replace16() does incorrect calculation
    for skb->csum in all cases.
2.) Change in Commmit logs.
---

---
Changes in V3.
Addressing Pablo`s Suggesion.
1.) Updated Subject and description
2.) Added full documentation of function.
---
---
 net/core/utils.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/net/core/utils.c b/net/core/utils.c
index 6b6e51d..af3b5cb 100644
--- a/net/core/utils.c
+++ b/net/core/utils.c
@@ -438,6 +438,21 @@ void inet_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb,
 }
 EXPORT_SYMBOL(inet_proto_csum_replace4);
 
+/**
+ * inet_proto_csum_replace16 - update L4 header checksum field as per the
+ * update in IPv6 Header. Note, there is no need to update skb->csum in this
+ * function, even if skb->ip_summed == CHECKSUM_COMPLETE, because change in L4
+ * header checksum field and change in IPV6 header cancels each other for
+ * skb->csum calculation.
+ *
+ * @sum: L4 header checksum field
+ * @skb: sk_buff for the packet
+ * @from: old IPv6 address
+ * @to: new IPv6 address
+ * @pseudohdr: True if L4 header checksum includes pseudoheader
+ *
+ * Return void
+ */
 void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb,
 			       const __be32 *from, const __be32 *to,
 			       bool pseudohdr)
@@ -449,9 +464,6 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb,
 	if (skb->ip_summed != CHECKSUM_PARTIAL) {
 		*sum = csum_fold(csum_partial(diff, sizeof(diff),
 				 ~csum_unfold(*sum)));
-		if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr)
-			skb->csum = ~csum_partial(diff, sizeof(diff),
-						  ~skb->csum);
 	} else if (pseudohdr)
 		*sum = ~csum_fold(csum_partial(diff, sizeof(diff),
 				  csum_unfold(*sum)));
-- 
2.7.4







