ipfw: fix checksum after NAT
When checksum offloading is used, IPFW needs to fix the checksum after libalias has done NAT. The ipfw_nat() function does so, but only for mbufs without a receiving interface. However, if, for example, the packet was sent inside a jail that used checksum offloading over an epair, ipfw still needs to fix the checksum even though the mbuf has set a receiving interface (epair). This patch just removes the check whether a receiving interface is set. PR: 295057 Reviewed by: tuexen MFC after: immediately Differential Revision: https://reviews.freebsd.org/D57091
This commit is contained in:
committed by
Michael Tuexen
parent
e9cbbf04d6
commit
81b47a7c60
@@ -311,17 +311,17 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
|
||||
/*
|
||||
* XXX - Libalias checksum offload 'duct tape':
|
||||
*
|
||||
* locally generated packets have only pseudo-header checksum
|
||||
* calculated and libalias will break it[1], so mark them for
|
||||
* later fix. Moreover there are cases when libalias modifies
|
||||
* When checksum offloading is used, packets contain only the
|
||||
* pseudo-header checksum and libalias will break it[1], so mark them
|
||||
* for later fix. Moreover there are cases when libalias modifies
|
||||
* tcp packet data[2], mark them for later fix too.
|
||||
*
|
||||
* [1] libalias was never meant to run in kernel, so it does
|
||||
* not have any knowledge about checksum offloading, and
|
||||
* expects a packet with a full internet checksum.
|
||||
* Unfortunately, packets generated locally will have just the
|
||||
* pseudo header calculated, and when libalias tries to adjust
|
||||
* the checksum it will actually compute a wrong value.
|
||||
* Unfortunately, when checksum offloading is used, packets will
|
||||
* contain just the pseudo-header checksum, and when libalias tries to
|
||||
* adjust the checksum it will actually compute a wrong value.
|
||||
*
|
||||
* [2] when libalias modifies tcp's data content, full TCP
|
||||
* checksum has to be recomputed: the problem is that
|
||||
@@ -340,8 +340,7 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
|
||||
* it can handle delayed checksum and tso)
|
||||
*/
|
||||
|
||||
if (mcl->m_pkthdr.rcvif == NULL &&
|
||||
mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA)
|
||||
if (mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA)
|
||||
ldt = 1;
|
||||
|
||||
c = mtod(mcl, char *);
|
||||
|
||||
Reference in New Issue
Block a user