diff options
author | Yossi Kuperman <yossiku@mellanox.com> | 2017-08-01 12:49:06 +0300 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2017-08-02 11:00:15 +0200 |
commit | e9cba69448df7686e1c35e74be48fc715d41ac45 (patch) | |
tree | 4b3931944d089bc8c5c5f16f29a1a46c62d46048 | |
parent | e51a64727079f46fc3a99f380de384d5ab01fffa (diff) | |
download | linux-e9cba69448df7686e1c35e74be48fc715d41ac45.tar.gz linux-e9cba69448df7686e1c35e74be48fc715d41ac45.tar.bz2 linux-e9cba69448df7686e1c35e74be48fc715d41ac45.zip |
xfrm6: Fix CHECKSUM_COMPLETE after IPv6 header push
xfrm6_transport_finish rebuilds the IPv6 header based on the
original one and pushes it back without fixing skb->csum.
Therefore, CHECKSUM_COMPLETE is no longer valid and the packet
gets dropped.
Fix skb->csum by calling skb_postpush_rcsum.
Note: A valid IPv4 header has checksum 0, unlike IPv6. Thus,
the change is not needed in the sibling xfrm4_transport_finish
function.
Signed-off-by: Yossi Kuperman <yossiku@mellanox.com>
Signed-off-by: Ilan Tayari <ilant@mellanox.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
-rw-r--r-- | net/ipv6/xfrm6_input.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c index 3ef5d913e7a3..f95943a13abc 100644 --- a/net/ipv6/xfrm6_input.c +++ b/net/ipv6/xfrm6_input.c @@ -34,6 +34,7 @@ EXPORT_SYMBOL(xfrm6_rcv_spi); int xfrm6_transport_finish(struct sk_buff *skb, int async) { struct xfrm_offload *xo = xfrm_offload(skb); + int nhlen = skb->data - skb_network_header(skb); skb_network_header(skb)[IP6CB(skb)->nhoff] = XFRM_MODE_SKB_CB(skb)->protocol; @@ -43,8 +44,9 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async) return 1; #endif - __skb_push(skb, skb->data - skb_network_header(skb)); + __skb_push(skb, nhlen); ipv6_hdr(skb)->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); + skb_postpush_rcsum(skb, skb_network_header(skb), nhlen); if (xo && (xo->flags & XFRM_GRO)) { skb_mac_header_rebuild(skb); |