Re: [PATCH net-next] netfilter: nftables: allow re-computing sctp CRC-32C in 'payload' statements

On Thu, 15 Oct 2020 18:39:27 +0200 Pablo Neira Ayuso wrote:
> From: Davide Caratti <dcaratti@xxxxxxxxxx>
> 
> nftables payload statements are used to mangle SCTP headers, but they can
> only replace the Internet Checksum. As a consequence, nftables rules that
> mangle sport/dport/vtag in SCTP headers potentially generate packets that
> are discarded by the receiver, unless the CRC-32C is "offloaded" (e.g. the
> rule mangles a skb having 'ip_summed' equal to 'CHECKSUM_PARTIAL').
> 
> Fix this by extending uAPI definitions and L4 checksum update function, in a
> way that userspace programs (e.g. nft) can instruct the kernel to compute
> CRC-32C in SCTP headers. Also ensure that LIBCRC32C is built if NF_TABLES
> is 'y' or 'm' in the kernel build configuration.
> 
> Signed-off-by: Davide Caratti <dcaratti@xxxxxxxxxx>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> ---
> @Jakub: This is my last pending item in nf-next I think, I'm not planning to
> 	send a pull request for a single patch, so please directly apply this
> 	one to net-next. Thank you.

Applied, thanks!
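
The failure mode described in the quoted commit message, as an added userspace example that is not code from the patch or from this thread: rewriting dport in an SCTP common header leaves the CRC-32C stale, so the receiver-side check fails until the CRC is recomputed over the whole packet. All function and constant names here are hypothetical, and the packet is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
/* SCTP common header: sport(2) dport(2) vtag(4) checksum(4) = 12 bytes. */
enum { DPORT_OFF = 2, CSUM_OFF = 8, HDR_LEN = 12 };

/* Bitwise CRC-32C (Castagnoli) update, reflected polynomial 0x82F63B78. */
static uint32_t crc32c_update(uint32_t crc, const uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0x82F63B78u & (0u - (crc & 1u)));
    }
    return crc;
}

/* CRC-32C over the packet with the checksum field treated as zero. */
static uint32_t sctp_crc(const uint8_t *pkt, size_t len) {
    static const uint8_t zero[4] = {0};
    uint32_t crc = crc32c_update(0xFFFFFFFFu, pkt, CSUM_OFF);
    crc = crc32c_update(crc, zero, sizeof zero);
    return ~crc32c_update(crc, pkt + HDR_LEN, len - HDR_LEN);
}

/* Receiver-side check; the field holds the CRC in little-endian order. */
static int sctp_csum_ok(const uint8_t *pkt, size_t len) {
    const uint8_t *f = pkt + CSUM_OFF;
    if (len < HDR_LEN) return 0;
    return sctp_crc(pkt, len) ==
           (f[0] | (f[1] << 8) | (f[2] << 16) | ((uint32_t)f[3] << 24));
}

/* Rewrite dport; recompute the CRC only if fix_crc. Returns receiver verdict. */
static int mangle_dport(uint8_t *pkt, size_t len, uint16_t port, int fix_crc) {
    if (len < HDR_LEN) return 0;
    pkt[DPORT_OFF] = (uint8_t)(port >> 8);
    pkt[DPORT_OFF + 1] = (uint8_t)port;
    uint32_t c = sctp_crc(pkt, len);
    for (int i = 0; fix_crc && i < 4; i++)
        pkt[CSUM_OFF + i] = (uint8_t)(c >> (8 * i));
    return sctp_csum_ok(pkt, len);
}

/* Constructed sample: sport 5000, dport 5001, vtag 0x01020304, one COOKIE ACK. */
int main(void) {
    uint8_t p[16] = {0x13,0x88, 0x13,0x89, 1,2,3,4, 0,0,0,0, 0x0b,0,0,4};
    mangle_dport(p, sizeof p, 5001, 1);              /* seed a valid CRC */
    int stale = mangle_dport(p, sizeof p, 6001, 0);  /* 0: CRC not updated */
    int fixed = mangle_dport(p, sizeof p, 6001, 1);  /* 1: CRC recomputed */
    return !(stale == 0 && fixed == 1);
}
```

Unlike the Internet Checksum, this value cannot be patched incrementally from the old and new field contents, which is why the whole packet is run through the CRC again after the rewrite.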


