From owner-svn-src-head@freebsd.org  Sat Feb 18 19:53:39 2017
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 436CBCE52AD;
 Sat, 18 Feb 2017 19:53:39 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 130D9FE0;
 Sat, 18 Feb 2017 19:53:39 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v1IJrctY079536;
 Sat, 18 Feb 2017 19:53:38 GMT (envelope-from ae@FreeBSD.org)
Received: (from ae@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id v1IJrc3k079535;
 Sat, 18 Feb 2017 19:53:38 GMT (envelope-from ae@FreeBSD.org)
Message-Id: <201702181953.v1IJrc3k079535@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org
 using -f
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Sat, 18 Feb 2017 19:53:38 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r313922 - head/sys/netipsec
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Feb 2017 19:53:39 -0000

Author: ae
Date: Sat Feb 18 19:53:37 2017
New Revision: 313922
URL: https://svnweb.freebsd.org/changeset/base/313922

Log:
  For translated packets do not adjust UDP checksum if it is zero.
  
  In case when decrypted and decapsulated packet is an UDP datagram,
  check that its checksum is not zero before doing incremental checksum
  adjustment.
  
  Reported by:	Eugene Grosbein
  Tested by:	Eugene Grosbein

Modified:
  head/sys/netipsec/udpencap.c

Modified: head/sys/netipsec/udpencap.c
==============================================================================
--- head/sys/netipsec/udpencap.c	Sat Feb 18 19:19:08 2017	(r313921)
+++ head/sys/netipsec/udpencap.c	Sat Feb 18 19:53:37 2017	(r313922)
@@ -266,6 +266,9 @@ udp_ipsec_adjust_cksum(struct mbuf *m, s
 			/* Incrementally recompute. */
 			m_copydata(m, skip + off, sizeof(cksum),
 			    (caddr_t)&cksum);
+			/* Do not adjust UDP checksum if it is zero. */
+			if (proto == IPPROTO_UDP && cksum == 0)
+				return;
 			cksum = in_addword(cksum, sav->natt->cksum);
 		} else {
 			/* No OA from IKEd. */