ipfw: fix checksum after NAT

When checksum offloading is used, IPFW needs to fix the checksum
after libalias has done NAT. The ipfw_nat() function does so, but
only for mbufs without a receiving interface. However, if, for example,
the packet was sent inside a jail that used checksum offloading over
an epair, ipfw still needs to fix the checksum even though the mbuf
has set a receiving interface (epair).
This patch just removes the check whether a receiving interface is set.

PR:			295057
Reviewed by:		tuexen
MFC after:		immediately
Differential Revision:	https://reviews.freebsd.org/D57091
This commit is contained in:
Timo Völker
2026-05-21 12:54:44 +02:00
committed by Michael Tuexen
parent e9cbbf04d6
commit 81b47a7c60
+7 -8
View File
@@ -311,17 +311,17 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
/*
* XXX - Libalias checksum offload 'duct tape':
*
* locally generated packets have only pseudo-header checksum
* calculated and libalias will break it[1], so mark them for
* later fix. Moreover there are cases when libalias modifies
* When checksum offloading is used, packets contain only the
* pseudo-header checksum and libalias will break it[1], so mark them
* for later fix. Moreover there are cases when libalias modifies
* tcp packet data[2], mark them for later fix too.
*
* [1] libalias was never meant to run in kernel, so it does
* not have any knowledge about checksum offloading, and
* expects a packet with a full internet checksum.
* Unfortunately, packets generated locally will have just the
* pseudo header calculated, and when libalias tries to adjust
* the checksum it will actually compute a wrong value.
* Unfortunately, when checksum offloading is used, packets will
* contain just the pseudo-header checksum, and when libalias tries to
* adjust the checksum it will actually compute a wrong value.
*
* [2] when libalias modifies tcp's data content, full TCP
* checksum has to be recomputed: the problem is that
@@ -340,8 +340,7 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
* it can handle delayed checksum and tso)
*/
if (mcl->m_pkthdr.rcvif == NULL &&
mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA)
if (mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA)
ldt = 1;
c = mtod(mcl, char *);