| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240819111745.129190-1-amy.saq@antgroup.com> Date: Mon, 19 Aug 2024 19:17:41 +0800 From: "沈安琪(凛玥)" <amy.saq@...group.com> To: netdev@...r.kernel.org Cc: "沈安琪(凛玥)" <amy.saq@...group.com>, "David S. Miller" <davem@...emloft.net>, "Eric Dumazet" <edumazet@...gle.com>, "Jakub Kicinski" <kuba@...nel.org>, "Paolo Abeni" <pabeni@...hat.com>, <linux-kernel@...r.kernel.org> Subject: [PATCH] net: fix csum calculation for encapsulated packets This commit fixes the issue that when a packet is encapsulated, such as sending through a UDP tunnel, the outer TCP/UDP checksum is not correctly recalculated if (1) checksum has been offloaded to hardware and (2) encapsulated packet has been NAT-ed again, which causes the packet being dropped due to the invalid outer checksum. Previously, when an encapsulated packet met some NAT rules and its src/dst ip and/or src/dst port has been modified, inet_proto_csum_replace4 will be invoked to recalculated the outer checksum. However, if the packet is under the following condition: (1) checksum offloaded to hardware and (2) NAT rule has changed the src/dst port, its outer checksum will not be recalculated, since (1) skb->ip_summed is set to CHECKSUM_PARTIAL due to csum offload and (2) pseudohdr is set to false since port number is not part of pseudo header. This leads to the outer TCP/UDP checksum invalid since it does not change along with the port number change. In this commit, another condition has been added to recalculate outer checksum: if (1) the packet is encapsulated, (2) checksum has been offloaded, (3) the encapsulated packet has been NAT-ed to change port number and (4) outer checksum is needed, the outer checksum for encapsulated packet will be recalculated to make sure it is valid. Signed-off-by: Anqi Shen <amy.saq@...group.com> --- net/core/utils.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/core/utils.c b/net/core/utils.c index c994e95172ac..d9de60e9b347 100644 --- a/net/core/utils.c +++ b/net/core/utils.c @@ -435,6 +435,8 @@ void inet_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb, *sum = ~csum_fold(csum_add(csum_sub(csum_unfold(*sum), (__force __wsum)from), (__force __wsum)to)); + else if (skb->encapsulation && !!(*sum)) + csum_replace4(sum, from, to); } EXPORT_SYMBOL(inet_proto_csum_replace4); -- 2.19.1.6.gb485710b
Powered by blists - more mailing lists