Date: Sat, 18 Feb 2017 19:53:38 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r313922 - head/sys/netipsec Message-ID: <201702181953.v1IJrc3k079535@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Sat Feb 18 19:53:37 2017 New Revision: 313922 URL: https://svnweb.freebsd.org/changeset/base/313922 Log: For translated packets do not adjust UDP checksum if it is zero. In case when decrypted and decapsulated packet is an UDP datagram, check that its checksum is not zero before doing incremental checksum adjustment. Reported by: Eugene Grosbein Tested by: Eugene Grosbein Modified: head/sys/netipsec/udpencap.c Modified: head/sys/netipsec/udpencap.c ============================================================================== --- head/sys/netipsec/udpencap.c Sat Feb 18 19:19:08 2017 (r313921) +++ head/sys/netipsec/udpencap.c Sat Feb 18 19:53:37 2017 (r313922) @@ -266,6 +266,9 @@ udp_ipsec_adjust_cksum(struct mbuf *m, s /* Incrementally recompute. */ m_copydata(m, skip + off, sizeof(cksum), (caddr_t)&cksum); + /* Do not adjust UDP checksum if it is zero. */ + if (proto == IPPROTO_UDP && cksum == 0) + return; cksum = in_addword(cksum, sav->natt->cksum); } else { /* No OA from IKEd. */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702181953.v1IJrc3k079535>