[NETFILTER]: Fix HW checksum handling in ip_queue/ip6_queue
The checksum needs to be filled in on output, after mangling a packet ip_summed needs to be reset. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
1344a41637
commit
66a79a19a7
2 changed files with 14 additions and 0 deletions
|
@ -214,6 +214,12 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case IPQ_COPY_PACKET:
|
case IPQ_COPY_PACKET:
|
||||||
|
if (entry->skb->ip_summed == CHECKSUM_HW &&
|
||||||
|
(*errp = skb_checksum_help(entry->skb,
|
||||||
|
entry->info->outdev == NULL))) {
|
||||||
|
read_unlock_bh(&queue_lock);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
if (copy_range == 0 || copy_range > entry->skb->len)
|
if (copy_range == 0 || copy_range > entry->skb->len)
|
||||||
data_len = entry->skb->len;
|
data_len = entry->skb->len;
|
||||||
else
|
else
|
||||||
|
@ -385,6 +391,7 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
|
||||||
if (!skb_ip_make_writable(&e->skb, v->data_len))
|
if (!skb_ip_make_writable(&e->skb, v->data_len))
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
memcpy(e->skb->data, v->payload, v->data_len);
|
memcpy(e->skb->data, v->payload, v->data_len);
|
||||||
|
e->skb->ip_summed = CHECKSUM_NONE;
|
||||||
e->skb->nfcache |= NFC_ALTERED;
|
e->skb->nfcache |= NFC_ALTERED;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -211,6 +211,12 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case IPQ_COPY_PACKET:
|
case IPQ_COPY_PACKET:
|
||||||
|
if (entry->skb->ip_summed == CHECKSUM_HW &&
|
||||||
|
(*errp = skb_checksum_help(entry->skb,
|
||||||
|
entry->info->outdev == NULL))) {
|
||||||
|
read_unlock_bh(&queue_lock);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
if (copy_range == 0 || copy_range > entry->skb->len)
|
if (copy_range == 0 || copy_range > entry->skb->len)
|
||||||
data_len = entry->skb->len;
|
data_len = entry->skb->len;
|
||||||
else
|
else
|
||||||
|
@ -381,6 +387,7 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
|
||||||
if (!skb_ip_make_writable(&e->skb, v->data_len))
|
if (!skb_ip_make_writable(&e->skb, v->data_len))
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
memcpy(e->skb->data, v->payload, v->data_len);
|
memcpy(e->skb->data, v->payload, v->data_len);
|
||||||
|
e->skb->ip_summed = CHECKSUM_NONE;
|
||||||
e->skb->nfcache |= NFC_ALTERED;
|
e->skb->nfcache |= NFC_ALTERED;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
Loading…
Reference in a new issue