summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYossi Kuperman <yossiku@mellanox.com>2017-08-01 12:49:06 +0300
committerSteffen Klassert <steffen.klassert@secunet.com>2017-08-02 11:00:15 +0200
commite9cba69448df7686e1c35e74be48fc715d41ac45 (patch)
tree4b3931944d089bc8c5c5f16f29a1a46c62d46048
parente51a64727079f46fc3a99f380de384d5ab01fffa (diff)
downloadlinux-e9cba69448df7686e1c35e74be48fc715d41ac45.tar.gz
linux-e9cba69448df7686e1c35e74be48fc715d41ac45.tar.bz2
linux-e9cba69448df7686e1c35e74be48fc715d41ac45.zip
xfrm6: Fix CHECKSUM_COMPLETE after IPv6 header push
xfrm6_transport_finish rebuilds the IPv6 header based on the original one and pushes it back without fixing skb->csum. Therefore, CHECKSUM_COMPLETE is no longer valid and the packet gets dropped. Fix skb->csum by calling skb_postpush_rcsum. Note: A valid IPv4 header has checksum 0, unlike IPv6. Thus, the change is not needed in the sibling xfrm4_transport_finish function. Signed-off-by: Yossi Kuperman <yossiku@mellanox.com> Signed-off-by: Ilan Tayari <ilant@mellanox.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
-rw-r--r--net/ipv6/xfrm6_input.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c
index 3ef5d913e7a3..f95943a13abc 100644
--- a/net/ipv6/xfrm6_input.c
+++ b/net/ipv6/xfrm6_input.c
@@ -34,6 +34,7 @@ EXPORT_SYMBOL(xfrm6_rcv_spi);
int xfrm6_transport_finish(struct sk_buff *skb, int async)
{
struct xfrm_offload *xo = xfrm_offload(skb);
+ int nhlen = skb->data - skb_network_header(skb);
skb_network_header(skb)[IP6CB(skb)->nhoff] =
XFRM_MODE_SKB_CB(skb)->protocol;
@@ -43,8 +44,9 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async)
return 1;
#endif
- __skb_push(skb, skb->data - skb_network_header(skb));
+ __skb_push(skb, nhlen);
ipv6_hdr(skb)->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
+ skb_postpush_rcsum(skb, skb_network_header(skb), nhlen);
if (xo && (xo->flags & XFRM_GRO)) {
skb_mac_header_rebuild(skb);