On Fri, Jul 09, 2010 at 03:18:14PM +0800, Herbert Xu wrote: > On Fri, Jul 09, 2010 at 01:29:13AM +0300, Michael S. Tsirkin wrote: > > This adds a `CHECKSUM' target, which can be used in the iptables mangle > > table. > > > > You can use this target to compute and fill in the checksum in > > an IP packet that lacks a checksum. This is particularly useful, > > if you need to work around old applications such as dhcp clients, > > that do not work well with checksum offloads, but don't want to > > disable checksum offload in your device. > > > > The problem happens in the field with virtualized applications. > > For reference, see Red Hat bz 605555, as well as > > http://www.spinics.net/lists/kvm/msg37660.html > > > > Typical expected use (helps old dhclient binary running in a VM): > > iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM > > --checksum-fill > > > > Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx> > > I'd think that this target would be protocol-agnostic, no? Meaning it should go into net/netfilter/? Will do. > Cheers, > -- > Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html