Commit 66a79a19 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: Fix HW checksum handling in ip_queue/ip6_queue

The checksum needs to be filled in on output, after mangling a packet
ip_summed needs to be reset.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 1344a416
...@@ -214,6 +214,12 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp) ...@@ -214,6 +214,12 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
break; break;
case IPQ_COPY_PACKET: case IPQ_COPY_PACKET:
if (entry->skb->ip_summed == CHECKSUM_HW &&
(*errp = skb_checksum_help(entry->skb,
entry->info->outdev == NULL))) {
read_unlock_bh(&queue_lock);
return NULL;
}
if (copy_range == 0 || copy_range > entry->skb->len) if (copy_range == 0 || copy_range > entry->skb->len)
data_len = entry->skb->len; data_len = entry->skb->len;
else else
...@@ -385,6 +391,7 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) ...@@ -385,6 +391,7 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
if (!skb_ip_make_writable(&e->skb, v->data_len)) if (!skb_ip_make_writable(&e->skb, v->data_len))
return -ENOMEM; return -ENOMEM;
memcpy(e->skb->data, v->payload, v->data_len); memcpy(e->skb->data, v->payload, v->data_len);
e->skb->ip_summed = CHECKSUM_NONE;
e->skb->nfcache |= NFC_ALTERED; e->skb->nfcache |= NFC_ALTERED;
/* /*
......
...@@ -211,6 +211,12 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp) ...@@ -211,6 +211,12 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
break; break;
case IPQ_COPY_PACKET: case IPQ_COPY_PACKET:
if (entry->skb->ip_summed == CHECKSUM_HW &&
(*errp = skb_checksum_help(entry->skb,
entry->info->outdev == NULL))) {
read_unlock_bh(&queue_lock);
return NULL;
}
if (copy_range == 0 || copy_range > entry->skb->len) if (copy_range == 0 || copy_range > entry->skb->len)
data_len = entry->skb->len; data_len = entry->skb->len;
else else
...@@ -381,6 +387,7 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) ...@@ -381,6 +387,7 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
if (!skb_ip_make_writable(&e->skb, v->data_len)) if (!skb_ip_make_writable(&e->skb, v->data_len))
return -ENOMEM; return -ENOMEM;
memcpy(e->skb->data, v->payload, v->data_len); memcpy(e->skb->data, v->payload, v->data_len);
e->skb->ip_summed = CHECKSUM_NONE;
e->skb->nfcache |= NFC_ALTERED; e->skb->nfcache |= NFC_ALTERED;
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment