For translated packets do not adjust UDP checksum if it is zero.

In case when decrypted and decapsulated packet is an UDP datagram,
check that its checksum is not zero before doing incremental checksum
adjustment.

Reported by:	Eugene Grosbein
Tested by:	Eugene Grosbein
This commit is contained in:
Andrey V. Elsukov
2017-02-18 19:53:37 +00:00
parent dc3c93a954
commit fbed6d606a
+3
View File
@@ -266,6 +266,9 @@ udp_ipsec_adjust_cksum(struct mbuf *m, struct secasvar *sav, int proto,
/* Incrementally recompute. */
m_copydata(m, skip + off, sizeof(cksum),
(caddr_t)&cksum);
/* Do not adjust UDP checksum if it is zero. */
if (proto == IPPROTO_UDP && cksum == 0)
return;
cksum = in_addword(cksum, sav->natt->cksum);
} else {
/* No OA from IKEd. */