Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp67359yba; Mon, 20 May 2019 05:08:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqyfi1GgBnF1MSD4Lc92S+/g+1wsjOY7ikOH0S6EmUD46wJUM+QeWA10AdFnl+sZ3NNAFuJw X-Received: by 2002:aa7:95bb:: with SMTP id a27mr68638940pfk.30.1558354127530; Mon, 20 May 2019 05:08:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558354127; cv=none; d=google.com; s=arc-20160816; b=AVuLNpkqD6TMgIdxfc1EQYD+Gwl9F9TpyTx5APlBImuVNVY7tFPQKh/kXzjK8CfBrd NJ+VHB4nQgIiUK66QjEYpk8fcdfb0hB9Rdg/MCOKpaEEVGxFW3pTs/7ZfN75Kkiyol2Y YdNPxD7LZbvZ4heyMkcrNmR/ggy0O3zxU0tfhy1wa4sGiPiidMZE80n5Xy67QsDug/F6 YZEfPQFzV94CJtl5ewI0XqUSchskMyDrqegKu1i742T8LnB/deTeRtv59CvPYOvQiBXM ASP/12YPJcfaPfkYOLsLfrv2jN6qUKEExrbv52+EhUeu+OvJPR7pny1tP3UjCHXBCnZ5 uJbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=/lBwtS1gjL3E3nfNHvMJNrSJjNsGop9x9dlLnWMJjeo=; b=v14iYnIZjXne0dlILAS7eeP3kzHv8x922MKHiO082Qfz522AkWnqDDED68jcgvaFsN Cn3mmxoERv3A1BzCHuenpJt+KaQ0ovsIYXMlMOCeiYqkjbrCmXED1ljWm6/NRzdnMVHt AbOwG7a8oSoHkD9cRJxgTrN7AK78l1P+LbuXgQ6T2oLPIjeBDyCnDia0gBs99q/T7cak 3uLSF87u39arlAcBnWHpgQOdPou0kYc7XRemzJ45fBp/rGUr5sbQtsfG8TCNBZ7wi6ij 7G9/PD+SiaXl1mdEnou4/fC83MEK38RgOQMX2IpWws3PFT5vcvksE9U/vvR8JvbITl34 C9EQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a4si17322072pgw.48.2019.05.20.05.08.29; Mon, 20 May 2019 05:08:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732885AbfETLbV (ORCPT + 99 others); Mon, 20 May 2019 07:31:21 -0400 Received: from torres.zugschlus.de ([85.214.131.164]:44980 "EHLO torres.zugschlus.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731119AbfETLbV (ORCPT ); Mon, 20 May 2019 07:31:21 -0400 Received: from mh by torres.zugschlus.de with local (Exim 4.92) (envelope-from ) id 1hSgVj-0002sD-PI; Mon, 20 May 2019 13:31:19 +0200 Date: Mon, 20 May 2019 13:31:19 +0200 From: Marc Haber To: Florian Westphal Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org Subject: Re: Kernel 5.1 breaks UDP checksums for SIP packets Message-ID: <20190520113119.GB6502@torres.zugschlus.de> References: <20190520094955.GA6502@torres.zugschlus.de> <20190520102802.vv3xyd2p7ei4j65r@breakpoint.cc> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20190520102802.vv3xyd2p7ei4j65r@breakpoint.cc> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 20, 2019 at 12:28:02PM +0200, Florian Westphal wrote: > Marc Haber wrote: > > when I update my Firewall from Kernel 5.0 to Kernel 5.1, SIP clients > > that connect from the internal network to an external, commercial SIP > > service do not work any more. When I trace beyond the NAT, I see that > > the outgoing SIP packets have incorrect UDP checksums: > > I'm a moron. Can you please try this patch? > > diff --git a/net/netfilter/nf_nat_helper.c b/net/netfilter/nf_nat_helper.c > --- a/net/netfilter/nf_nat_helper.c > +++ b/net/netfilter/nf_nat_helper.c > @@ -170,7 +170,7 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb, > if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL) > return true; > > - nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_TCP, > + nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_UDP, > udph, &udph->check, datalen, oldlen); > > return true; Thanks for the lightning fast reaction. The patch indeed fixes the issue for me, everything is online now, incoming and outgoing calls are possible. Can you funnel that one to Greg please for the next stable release? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421