James Dykman
2006-Feb-08 20:03 UTC
[Xen-devel] [PATCH] [BUG 447] Fix checksum errors when DNAT modifies port numbers
The NAT checksum fixes in patches/linux-2.6.16-rc2/net-csum.patch do not work when port numbers are modified (bug 447). tcp_manip_pkt()/udp_manip_pkt() modify the protocol checksum to reflect the changes to ip addresses and port numbers. When dev_queue_xmit() finds a message with proto_csum_blank set, it calculates a new tcp/udp checksum that includes both the modified port numbers and the modified protocol checksum field... so the change to the port numbers affects the protocol checksum twice. This patch modifies net-csum.patch to remove the checksum mangling for port numbers in tcp_manip_pkt()/udp_manip_pkt() Jim Signed-off-by: Jim Dykman <dykman@us.ibm.com> diff -r 57e6d7218427 patches/linux-2.6.16-rc2/net-csum.patch --- a/patches/linux-2.6.16-rc2/net-csum.patch Fri Feb 3 18:45:14 2006 +++ b/patches/linux-2.6.16-rc2/net-csum.patch Wed Feb 8 13:37:28 2006 @@ -1,16 +1,14 @@ diff -pruN ../pristine-linux-2.6.16-rc1-git4/net/ipv4/netfilter/ip_nat_proto_tcp.c ./net/ipv4/netfilter/ip_nat_proto_tcp.c --- ../pristine-linux-2.6.16-rc1-git4/net/ipv4/netfilter/ip_nat_proto_tcp.c 2006-02-02 17:39:51.000000000 +0000 +++ ./net/ipv4/netfilter/ip_nat_proto_tcp.c 2006-02-02 17:44:18.000000000 +0000 -@@ -129,10 +129,16 @@ tcp_manip_pkt(struct sk_buff **pskb, +@@ -129,10 +129,14 @@ tcp_manip_pkt(struct sk_buff **pskb, if (hdrsize < sizeof(*hdr)) return 1; - hdr->check = ip_nat_cheat_check(~oldip, newip, + if ((*pskb)->proto_csum_blank) { -+ hdr->check = ip_nat_cheat_check(oldip, ~newip, -+ ip_nat_cheat_check(oldport ^ 0xFFFF, -+ newport, hdr->check)); -+ } else { ++ hdr->check = ip_nat_cheat_check(oldip, ~newip, hdr->check); ++ } else { + hdr->check = ip_nat_cheat_check(~oldip, newip, ip_nat_cheat_check(oldport ^ 0xFFFF, newport, 
@@ -18,22 +16,19 @@ + } return 1; } - + diff -pruN ../pristine-linux-2.6.16-rc1-git4/net/ipv4/netfilter/ip_nat_proto_udp.c ./net/ipv4/netfilter/ip_nat_proto_udp.c --- ../pristine-linux-2.6.16-rc1-git4/net/ipv4/netfilter/ip_nat_proto_udp.c 2006-02-02 17:39:51.000000000 +0000 +++ ./net/ipv4/netfilter/ip_nat_proto_udp.c 2006-02-02 17:44:18.000000000 +0000 -@@ -113,11 +113,19 @@ udp_manip_pkt(struct sk_buff **pskb, +@@ -113,11 +113,16 @@ udp_manip_pkt(struct sk_buff **pskb, newport = tuple->dst.u.udp.port; portptr = &hdr->dest; } - if (hdr->check) /* 0 is a special case meaning no checksum */ - hdr->check = ip_nat_cheat_check(~oldip, newip, -+ + if (hdr->check) { /* 0 is a special case meaning no checksum */ + if ((*pskb)->proto_csum_blank) { -+ hdr->check = ip_nat_cheat_check(oldip, ~newip, -+ ip_nat_cheat_check(*portptr ^ 0xFFFF, -+ newport, hdr->check)); ++ hdr->check = ip_nat_cheat_check(oldip, ~newip, hdr->check); + } else { + hdr->check = ip_nat_cheat_check(~oldip, newip, ip_nat_cheat_check(*portptr ^ 0xFFFF, _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
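Review bot: In the tcp_manip_pkt() hunk, the proto_csum_blank branch calls ip_nat_cheat_check(oldip, ~newip, hdr->check) while the else branch keeps (~oldip, newip, ...), and nothing in the code says why the complement moves or why the port term is absent. The reason given in the description (dev_queue_xmit() later computes the checksum over the already rewritten ports, so folding them in here counts them twice) belongs in a comment above the branch, otherwise a later reader is likely to put the port update back. The `} else {` line is also removed and re-added with what looks like a whitespace-only difference; please confirm the indentation is the intended one.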
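Review bot: In the udp_manip_pkt() hunk, the proto_csum_blank branch stays nested under `if (hdr->check)`, whose comment says 0 means no checksum, but the description says that with proto_csum_blank set the final checksum is only computed later in dev_queue_xmit(). Please document whether the zero test is still meaningful for a blank-checksum packet, or test proto_csum_blank first so the "no checksum" case and the "checksum not yet computed" case are not decided by the same field value.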
Keir Fraser
2006-Feb-08 23:24 UTC
Re: [Xen-devel] [PATCH] [BUG 447] Fix checksum errors when DNAT modifies port numbers
On 8 Feb 2006, at 20:03, James Dykman wrote:

> This patch modifies net-csum.patch to remove the checksum mangling for
> port numbers in tcp_manip_pkt()/udp_manip_pkt()
>
> Jim
>
> Signed-off-by: Jim Dykman <dykman@us.ibm.com>

Nice to see it's a net reduction in code as well as fixing the bug. :-)

 -- Keir