csum_tcpudp_magic should not be called to compute checksum
for non-TCP/UDP packets, like ICMP with wrong checksum
Signed-off-by: Li RongQing <lirongqing@xxxxxxxxx>
---
net/netfilter/utils.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/utils.c b/net/netfilter/utils.c
index 51b454d8fa9c..72eace52874e 100644
--- a/net/netfilter/utils.c
+++ b/net/netfilter/utils.c
@@ -17,9 +17,12 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
case CHECKSUM_COMPLETE:
if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN)
break;
- if ((protocol != IPPROTO_TCP && protocol != IPPROTO_UDP &&
- !csum_fold(skb->csum)) ||
- !csum_tcpudp_magic(iph->saddr, iph->daddr,
+ if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP) {
+ if (!csum_fold(skb->csum)) {
+ skb->ip_summed = CHECKSUM_UNNECESSARY;
+ break;
+ }
+ } else if (!csum_tcpudp_magic(iph->saddr, iph->daddr,
skb->len - dataoff, protocol,
skb->csum)) {
skb->ip_summed = CHECKSUM_UNNECESSARY;
--
2.16.2
