lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 May 2019 13:31:19 +0200 From: Marc Haber <mh+netdev@...schlus.de> To: Florian Westphal <fw@...len.de> Cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: Kernel 5.1 breaks UDP checksums for SIP packets On Mon, May 20, 2019 at 12:28:02PM +0200, Florian Westphal wrote: > Marc Haber <mh+netdev@...schlus.de> wrote: > > when I update my Firewall from Kernel 5.0 to Kernel 5.1, SIP clients > > that connect from the internal network to an external, commercial SIP > > service do not work any more. When I trace beyond the NAT, I see that > > the outgoing SIP packets have incorrect UDP checksums: > > I'm a moron. Can you please try this patch? > > diff --git a/net/netfilter/nf_nat_helper.c b/net/netfilter/nf_nat_helper.c > --- a/net/netfilter/nf_nat_helper.c > +++ b/net/netfilter/nf_nat_helper.c > @@ -170,7 +170,7 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb, > if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL) > return true; > > - nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_TCP, > + nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_UDP, > udph, &udph->check, datalen, oldlen); > > return true; Thanks for the lightning fast reaction. The patch indeed fixes the issue for me, everything is online now, incoming and outgoing calls are possible. Can you funnel that one to Greg please for the next stable release? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Powered by blists - more mailing lists