From: Florian Westphal <fw@xxxxxxxxx>
This reverts commit 5bed9f3f63f8f9d2b1758c24640cbf77b5377511.
Gal Presman says:
this patch broke geneve tunnels, or possibly all udp tunnels?
A simple test that creates two geneve tunnels and runs tcp iperf fails
and results in checksum errors (TcpInCsumErrors).
Original commit wanted to fix nf_reject with zero checksum,
so it appears better to change nf reject infra instead.
Fixes: 5bed9f3f63f8f ("netfilter: conntrack: mark UDP zero checksum as CHECKSUM_UNNECESSARY")
Reported-by: Gal Pressman <gal@xxxxxxxxxx>
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
net/netfilter/nf_conntrack_proto_udp.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index 12f793d8fe0c..3b516cffc779 100644
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -63,10 +63,8 @@ static bool udp_error(struct sk_buff *skb,
}
/* Packet with no checksum */
- if (!hdr->check) {
- skb->ip_summed = CHECKSUM_UNNECESSARY;
+ if (!hdr->check)
return false;
- }
/* Checksum invalid? Ignore.
* We skip checking packets on the outgoing path
--
2.30.2
