All of lore.kernel.org
 help / color / mirror / Atom feed
From: Praveen Chaudhary <praveen5582@gmail.com>
To: fw@strlen.de, pablo@netfilter.org, davem@davemloft.net,
	kadlec@netfilter.org, netfilter-devel@vger.kernel.org,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Zhenggen Xu <zxu@linkedin.com>, Andy Stracner <astracner@linkedin.com>
Subject: [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16().
Date: Wed,  6 Nov 2019 14:52:09 -0800	[thread overview]
Message-ID: <1573080729-3102-2-git-send-email-pchaudhary@linkedin.com> (raw)
In-Reply-To: <1573080729-3102-1-git-send-email-pchaudhary@linkedin.com>

skb->csum is updated incorrectly, when manipulation for NF_NAT_MANIP_SRC\DST
is done on IPV6 packet.

Fix:
No need to update skb->csum in function inet_proto_csum_replace16(), even if
skb->ip_summed == CHECKSUM_COMPLETE, because change in L4 header checksum field
and change in IPV6 header cancels each other for skb->csum calculation.

Signed-off-by: Praveen Chaudhary <pchaudhary@linkedin.com>
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
Signed-off-by: Andy Stracner <astracner@linkedin.com>

Reviewed-by: Florian Westphal <fw@strlen.de>
---
Changes in V2.
1.) Updating diff as per email discussion with Florian Westphal.
    Since inet_proto_csum_replace16() does incorrect calculation
    for skb->csum in all cases.
2.) Change in Commmit logs.
---

---
Changes in V3.
Addressing Pablo`s Suggesion.
1.) Updated Subject and description
2.) Added full documentation of function.
---
---
 net/core/utils.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/net/core/utils.c b/net/core/utils.c
index 6b6e51d..af3b5cb 100644
--- a/net/core/utils.c
+++ b/net/core/utils.c
@@ -438,6 +438,21 @@ void inet_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb,
 }
 EXPORT_SYMBOL(inet_proto_csum_replace4);
 
+/**
+ * inet_proto_csum_replace16 - update L4 header checksum field as per the
+ * update in IPv6 Header. Note, there is no need to update skb->csum in this
+ * function, even if skb->ip_summed == CHECKSUM_COMPLETE, because change in L4
+ * header checksum field and change in IPV6 header cancels each other for
+ * skb->csum calculation.
+ *
+ * @sum: L4 header checksum field
+ * @skb: sk_buff for the packet
+ * @from: old IPv6 address
+ * @to: new IPv6 address
+ * @pseudohdr: True if L4 header checksum includes pseudoheader
+ *
+ * Return void
+ */
 void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb,
 			       const __be32 *from, const __be32 *to,
 			       bool pseudohdr)
@@ -449,9 +464,6 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb,
 	if (skb->ip_summed != CHECKSUM_PARTIAL) {
 		*sum = csum_fold(csum_partial(diff, sizeof(diff),
 				 ~csum_unfold(*sum)));
-		if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr)
-			skb->csum = ~csum_partial(diff, sizeof(diff),
-						  ~skb->csum);
 	} else if (pseudohdr)
 		*sum = ~csum_fold(csum_partial(diff, sizeof(diff),
 				  csum_unfold(*sum)));
-- 
2.7.4


  reply	other threads:[~2019-11-06 22:52 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-06 22:52 [PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16() Praveen Chaudhary
2019-11-06 22:52 ` Praveen Chaudhary [this message]
2020-01-22 10:17   ` Daniel Borkmann
2020-01-22 11:43     ` Florian Westphal
2020-01-22 16:22       ` Daniel Borkmann
2020-01-23  8:21         ` Florian Westphal
2020-01-23 14:20           ` Daniel Borkmann
2020-01-23 14:29             ` Florian Westphal
2020-01-23 20:33               ` [PATCH v4] " Praveen Chaudhary
2020-01-23 20:33                 ` Praveen Chaudhary
2020-01-24 19:04                   ` Pablo Neira Ayuso
2020-01-23 20:50               ` [PATCH v3] " Praveen Chaudhary
2020-01-22  5:51 ` Praveen Chaudhary

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1573080729-3102-2-git-send-email-pchaudhary@linkedin.com \
    --to=praveen5582@gmail.com \
    --cc=astracner@linkedin.com \
    --cc=davem@davemloft.net \
    --cc=fw@strlen.de \
    --cc=kadlec@netfilter.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    --cc=zxu@linkedin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.