Received: by 2002:a17:90a:8504:0:0:0:0 with SMTP id l4csp2237347pjn; Thu, 24 Oct 2019 06:49:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqwHD3m/5jGLjkiTikFmbzwftikpEWLOKtL90l2FwhvNc2bpLxZuWwhpRmA/GPpnFbq82PBP X-Received: by 2002:a05:6402:1359:: with SMTP id y25mr43343436edw.183.1571924991642; Thu, 24 Oct 2019 06:49:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571924991; cv=none; d=google.com; s=arc-20160816; b=0JW7p0K9v8C+DR3bp97XHUsr7n3d3ku8YUCPP9rov8TtFpbEdgXkWlcpP7dqO4papv yKc+ABIgBj122Ixw3VVMZeHEs0039LRB3KMLGEpMd9jhKBw6qPc2j45bb4cNYFieUi4k LpH3e/dIz8q0sdndpVU+YSD7GTTQ/vviwDr6Tfu/Bw1EMi5tiSxp2yOgEAsXH9OM9ulN 87aCSETSNyclwOpc/ZdT2sanZ9VTu8gMU9Bm1POcCMdY0wJ7mPO/eyITJh8riGFSLFZL FwDlPxiNqDmd2VmIZzwLQRWoI0JIXKsJWAJyRreSlJuupzIcuYlUINLWxZC0WtI7et2j GIow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=xcAalE2eDbpcZw7HteACKUkvpfDlcc+1w2Cu7ICTO9U=; b=j+eOql4/Lcg/RSMXSr1oArTkq3IJp5fdO9JCdIMUZaZVNoKofl6loviB4Jw7y8/jek 633g+59x26ALkIoDrCoIgYDvyLIhTa+NBYxbHSBhXKCNwH2214LG1tI6lDVhDjBBY+lJ w2mM/35q+Bd/nXv15NuWHceYHKPIjttK1zAfUWQkZzHsCNVBEXYez4i8jAVYayMV4Zzq 4zN8Z725Xox3PYpkUazoXZ0JoC0tQ2xoMpu/1sYPy3pytF52pGnJcLd+MuXTZEJxgK7A GIA0if/4eeensG0+5rD36lOGyWqGQ6Evs1/qI/Jrha1l9KH/YJnzK5jwelwcANvWPXi/ Zz6w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i4si10363487ejj.21.2019.10.24.06.49.26; Thu, 24 Oct 2019 06:49:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2391029AbfJWTdn (ORCPT + 99 others); Wed, 23 Oct 2019 15:33:43 -0400 Received: from Chamillionaire.breakpoint.cc ([193.142.43.52]:58948 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389916AbfJWTdn (ORCPT ); Wed, 23 Oct 2019 15:33:43 -0400 Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1iNMO1-0005gG-Bj; Wed, 23 Oct 2019 21:33:37 +0200 Date: Wed, 23 Oct 2019 21:33:37 +0200 From: Florian Westphal To: Praveen Chaudhary Cc: davem@davemloft.net, fw@strlen.de, kadlec@netfilter.org, pablo@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Zhenggen Xu , Andy Stracner Subject: Re: [PATCH] [netfilter]: Fix skb->csum calculation when netfilter manipulation for NF_NAT_MANIP_SRC\DST is done on IPV6 packet. Message-ID: <20191023193337.GP25052@breakpoint.cc> References: <1571857342-8407-1-git-send-email-pchaudhary@linkedin.com> <1571857342-8407-2-git-send-email-pchaudhary@linkedin.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1571857342-8407-2-git-send-email-pchaudhary@linkedin.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Praveen Chaudhary wrote: > Update skb->csum, when netfilter code updates IPV6 SRC\DST address in IPV6 HEADER due to iptable rule. > > Signed-off-by: Praveen Chaudhary > Signed-off-by: Zhenggen Xu > Signed-off-by: Andy Stracner > --- > include/net/checksum.h | 2 ++ > net/core/utils.c | 13 +++++++++++++ > net/netfilter/nf_nat_proto.c | 2 ++ > 3 files changed, 17 insertions(+) > > diff --git a/include/net/checksum.h b/include/net/checksum.h > index 97bf488..d7d28b7 100644 > --- a/include/net/checksum.h > +++ b/include/net/checksum.h > @@ -145,6 +145,8 @@ void inet_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb, > void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, > const __be32 *from, const __be32 *to, > bool pseudohdr); > +void inet_proto_skb_csum_replace16(struct sk_buff *skb, > + const __be32 *from, const __be32 *to); > void inet_proto_csum_replace_by_diff(__sum16 *sum, struct sk_buff *skb, > __wsum diff, bool pseudohdr); > > diff --git a/net/core/utils.c b/net/core/utils.c > index 6b6e51d..ab3284b 100644 > --- a/net/core/utils.c > +++ b/net/core/utils.c > @@ -458,6 +458,19 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, > } > EXPORT_SYMBOL(inet_proto_csum_replace16); > > +void inet_proto_skb_csum_replace16(struct sk_buff *skb, > + const __be32 *from, const __be32 *to) > +{ > + __be32 diff[] = { > + ~from[0], ~from[1], ~from[2], ~from[3], > + to[0], to[1], to[2], to[3], > + }; > + if (skb->ip_summed == CHECKSUM_COMPLETE) > + skb->csum = csum_partial(diff, sizeof(diff), > + skb->csum); > +} > +EXPORT_SYMBOL(inet_proto_skb_csum_replace16); > + > void inet_proto_csum_replace_by_diff(__sum16 *sum, struct sk_buff *skb, > __wsum diff, bool pseudohdr) > { > diff --git a/net/netfilter/nf_nat_proto.c b/net/netfilter/nf_nat_proto.c > index 0a59c14..de94590 100644 > --- a/net/netfilter/nf_nat_proto.c > +++ b/net/netfilter/nf_nat_proto.c > @@ -467,6 +467,8 @@ static void nf_nat_ipv6_csum_update(struct sk_buff *skb, > } > inet_proto_csum_replace16(check, skb, oldip->s6_addr32, > newip->s6_addr32, true); > + inet_proto_skb_csum_replace16(skb, oldip->s6_addr32, > + newip->s6_addr32); This is confusing. You're saying that inet_proto_csum_replace16() is producing a wrong skb->csum. So why are you adding a new function to do the csum calculation instead of fixing inet_proto_csum_replace16() to do the right thing?