lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20190520113119.GB6502@torres.zugschlus.de>
Date:   Mon, 20 May 2019 13:31:19 +0200
From:   Marc Haber <mh+netdev@...schlus.de>
To:     Florian Westphal <fw@...len.de>
Cc:     linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: Kernel 5.1 breaks UDP checksums for SIP packets

On Mon, May 20, 2019 at 12:28:02PM +0200, Florian Westphal wrote:
> Marc Haber <mh+netdev@...schlus.de> wrote:
> > when I update my Firewall from Kernel 5.0 to Kernel 5.1, SIP clients
> > that connect from the internal network to an external, commercial SIP
> > service do not work any more. When I trace beyond the NAT, I see that
> > the outgoing SIP packets have incorrect UDP checksums:
> 
> I'm a moron.  Can you please try this patch?
> 
> diff --git a/net/netfilter/nf_nat_helper.c b/net/netfilter/nf_nat_helper.c
> --- a/net/netfilter/nf_nat_helper.c
> +++ b/net/netfilter/nf_nat_helper.c
> @@ -170,7 +170,7 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb,
>  	if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)
>  		return true;
>  
> -	nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_TCP,
> +	nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_UDP,
>  			   udph, &udph->check, datalen, oldlen);
>  
>  	return true;

Thanks for the lightning fast reaction. The patch indeed fixes the issue
for me, everything is online now, incoming and outgoing calls are
possible. Can you funnel that one to Greg please for the next stable
release?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ