skb->csum is updated incorrectly when manipulation for NF_NAT_MANIP_SRC\DST is done on an IPv6 packet.

Fix:
There is no need to update skb->csum in inet_proto_csum_replace16(), because the updates in two fields, a.) IPv6 src/dst address and b.) L4 header checksum, cancel each other for the skb->csum calculation. Whereas the inet_proto_csum_replace4 function needs to update skb->csum, because the updates in 3 fields, a.) IPv4 src/dst address, b.) IPv4 Header checksum and c.) L4 header checksum, result in the same diff as the L4 Header checksum for the skb->csum calculation.

Signed-off-by: Praveen Chaudhary <pchaudhary@xxxxxxxxxxxx>
Signed-off-by: Zhenggen Xu <zxu@xxxxxxxxxxxx>
Signed-off-by: Andy Stracner <astracner@xxxxxxxxxxxx>
Reviewed-by: Florian Westphal <fw@xxxxxxxxx>
---
Changes in V2.
1.) Updating diff as per email discussion with Florian Westphal, since inet_proto_csum_replace16() does incorrect calculation for skb->csum in all cases.
2.) Change in Commit logs.
---
---
Changes in V3.
Addressing Pablo's Suggestion.
1.) Updated Subject and description.
2.) Added full documentation of function.
---
---
Changes in V4.
Addressing Daniel's Suggestion.
1.) Updated Commit Message.
2.) Updated documentation of function to include why inet_proto_csum_replace4 needs to update skb->csum.
---
--- net/core/utils.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/net/core/utils.c b/net/core/utils.c index 6b6e51d..e2f8290 100644 --- a/net/core/utils.c +++ b/net/core/utils.c
@@ -438,6 +438,25 @@ void inet_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb, } EXPORT_SYMBOL(inet_proto_csum_replace4); +/** + * inet_proto_csum_replace16 - update L4 header checksum field as per the + * update in IPv6 src/dst address. + * Note: there is no need to update skb->csum in this function, because + * update in two fields a.) IPv6 src/dst address and b.) L4 header checksum + * cancels each other for skb->csum calculation. + * Whereas inet_proto_csum_replace4 function needs to update skb->csum, + * because update in 3 fields a.) IPv4 src/dst address, b.) IPv4 Header checksum + * and c.) L4 header checksum results in same diff as L4 Header checksum for + * skb->csum calculation. + * + * @sum: L4 header checksum field + * @skb: sk_buff for the packet + * @from: old IPv6 address + * @to: new IPv6 address + * @pseudohdr: True if L4 header checksum includes pseudoheader + * + * Return void + */ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, const __be32 *from, const __be32 *to, bool pseudohdr) @@ -449,9 +468,6 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, if (skb->ip_summed != CHECKSUM_PARTIAL) { *sum = csum_fold(csum_partial(diff, sizeof(diff), ~csum_unfold(*sum))); - if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr) - skb->csum = ~csum_partial(diff, sizeof(diff), - ~skb->csum); } else if (pseudohdr) *sum = ~csum_fold(csum_partial(diff, sizeof(diff), csum_unfold(*sum))); -- 2.7.4
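Review bot: In the kernel-doc block added above inet_proto_csum_replace16(), the long "Note:" paragraph sits between the summary and the @sum/@skb/@from/@to/@pseudohdr entries, and the summary itself wraps onto a second line. kernel-doc expects a one-line summary, then the parameter lines, then a blank comment line followed by the longer description, so move the explanation of why skb->csum is left alone below the parameters. The closing "Return void" should be written as "Return:" or dropped, since the function returns nothing.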
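Review bot: The cancellation argument that justifies deleting the CHECKSUM_COMPLETE update in the second hunk only holds while skb->csum covers both the IPv6 address words and the L4 checksum field, and neither the function comment nor the commit message states that assumption; please spell it out where the comment explains the missing skb->csum update. The deleted update was also conditional on pseudohdr, so it is worth saying in the documentation that the reasoning does not depend on that flag in the non-CHECKSUM_PARTIAL branch. The commit message carries no Fixes: tag naming the change that introduced the removed lines, which would help anyone backporting this.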
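The cancellation argument from the commit message, worked through numerically as an added example (user-space C, not code from the patch or the kernel). The packet layout, byte values, new address and helper names are constructed for illustration, and the full-packet sum stands in for skb->csum under CHECKSUM_COMPLETE.

```c
#include <stdint.h>
#include <string.h>

/* Constructed layout: 40-byte IPv6 header, 8-byte UDP header, 4 payload bytes. */
enum { SRC_OFF = 8, CHECK_OFF = 46, PKT_LEN = 52 };
struct csums { uint16_t before, after, removed_adjust; };

/* Fold a 32-bit accumulator into a 16-bit ones' complement sum. */
static uint16_t fold(uint32_t s)
{
    while (s >> 16)
        s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}

/* Ones' complement sum of len bytes (len even) on top of init. */
static uint16_t csum16(const uint8_t *p, size_t len, uint32_t init)
{
    for (size_t i = 0; i < len; i += 2)
        init += (uint32_t)p[i] << 8 | p[i + 1];
    return fold(init);
}

/* Rewrite the source address, update the L4 checksum field incrementally,
 * and compare the full-packet sum before and after. */
static struct csums nat_src_rewrite(void)
{
    uint8_t pkt[PKT_LEN];
    const uint8_t new_src[16] = { 0x20, 0x01, 0x0d, 0xb8, [15] = 0x01 };
    struct csums r;

    for (int i = 0; i < PKT_LEN; i++)
        pkt[i] = (uint8_t)(i * 7 + 3);            /* constructed bytes */
    r.before = csum16(pkt, PKT_LEN, 0);
    /* diff = ~old address + new address */
    uint16_t diff = csum16(new_src, 16, (uint16_t)~csum16(pkt + SRC_OFF, 16, 0));
    uint16_t old = (uint16_t)(pkt[CHECK_OFF] << 8 | pkt[CHECK_OFF + 1]);
    /* same arithmetic as *sum = csum_fold(csum_partial(diff, ..., ~*sum)) */
    uint16_t new_check = (uint16_t)~fold((uint32_t)diff + (uint16_t)~old);
    memcpy(pkt + SRC_OFF, new_src, 16);
    pkt[CHECK_OFF] = new_check >> 8;
    pkt[CHECK_OFF + 1] = new_check & 0xff;
    r.after = csum16(pkt, PKT_LEN, 0);
    /* what the removed lines would have stored: ~(diff + ~skb->csum) */
    r.removed_adjust = (uint16_t)~fold((uint32_t)diff + (uint16_t)~r.before);
    return r;
}

int main(void)
{
    struct csums r = nat_src_rewrite();
    return r.after != r.before;   /* exit 0: the full-packet sum is unchanged */
}
```

The recomputed sum equals the original, while the value the removed lines would have written differs from it by the address diff.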