iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "netfilter: conntrack: mark UDP zero checksum as CHECKSUM_UNNECESSARY"

Browse Source 
This reverts commit 5bed9f3f63f8f9d2b1758c24640cbf77b5377511.

Gal Presman says:
 this patch broke geneve tunnels, or possibly all udp tunnels?
 A simple test that creates two geneve tunnels and runs tcp iperf fails
 and results in checksum errors (TcpInCsumErrors).

Original commit wanted to fix nf_reject with zero checksum,
so it appears better to change nf reject infra instead.

Fixes: 5bed9f3f63f8f ("netfilter: conntrack: mark UDP zero checksum as CHECKSUM_UNNECESSARY")
Reported-by: Gal Pressman <gal@nvidia.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2022-02-16 20:22:26 +01:00 committed by Pablo Neira Ayuso
parent ef132dc40a
commit bbfbf7a5e7
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
net/netfilter/nf_conntrack_proto_udp.c
View File

@ -63,10 +63,8 @@ static bool udp_error(struct sk_buff *skb,
} }
/* Packet with no checksum */ /* Packet with no checksum */
if (!hdr->check) { if (!hdr->check)
skb->ip_summed = CHECKSUM_UNNECESSARY;
return false; return false;
}
/* Checksum invalid? Ignore. /* Checksum invalid? Ignore.
* We skip checking packets on the outgoing path * We skip checking packets on the outgoing path