On Thu, Oct 15, 2020 at 06:16:51PM +0200, Florian Westphal wrote: > From: Davide Caratti <dcaratti@xxxxxxxxxx> > > nftables payload statements are used to mangle SCTP headers, but they can > only replace the Internet Checksum. As a consequence, nftables rules that > mangle sport/dport/vtag in SCTP headers potentially generate packets that > are discarded by the receiver, unless the CRC-32C is "offloaded" (e.g the > rule mangles a skb having 'ip_summed' equal to 'CHECKSUM_PARTIAL'. > > Fix this extending uAPI definitions and L4 checksum update function, in a > way that userspace programs (e.g. nft) can instruct the kernel to compute > CRC-32C in SCTP headers. Also ensure that LIBCRC32C is built if NF_TABLES > is 'y' or 'm' in the kernel build configuration. I have just passed up this to net-next to help improve chances this hits upstream in this merge window. Thanks.