Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp5032505pxb; Mon, 15 Feb 2021 07:50:03 -0800 (PST) X-Google-Smtp-Source: ABdhPJxqkor+jvWlW9lrt90xU+HYsNXYzqkijRKht3Dw9seoRrDMBoknE7YvO6MfKbWmJ74+3CRI X-Received: by 2002:a17:906:3484:: with SMTP id g4mr15993031ejb.38.1613404203268; Mon, 15 Feb 2021 07:50:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1613404203; cv=none; d=google.com; s=arc-20160816; b=VgNMlLv+z2MLZee+pS5VZ6klZfhoF4IPSkt19dQEih1VOxKtwtlCYi8lFMYMQk7sMW C8jpvf8c8clH3/KC2d3ktwfA4XRFAyP0uSclBMtQwRwmjfD9pGD06D259HBXN9qEMJ8W 75GWxo66ktvTmB0XOh8Ix/fgPqc0qBk9MZD/i43ARHCsmEZz0X3hwL4AlIaZgQ+DPfJP Y5CgQRXnJ4oOQWrS30SCHQDXqJ8ntt1LSyDLuu9foRDy07C/G/5/ZtQehgk425/uzJoQ cp3QPZ6s1VFuUfwrRUB4jnYBiGcOohB+TaldjexVKgQ0b9QuERuv9H2/o6y5TxlEih9s mSHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=zOjGFj0oo0UL32a+pjvWvhiyw9X1wP8ajdi30bTpp/A=; b=fon4cdExEfc1DA/NL7B42i2Nt0hcg2QQL45yrZJ8jC4drl0oETwzRIXalcPGP1Pxp3 4jcIvJDOe1+JXOqPdYHdrYLIf5SN06K9MgURaUdg/6NVCnKWdTR608GjqqLWCTv+ET7w dRq6W48x5UYLUg6dyUhrip7LY3rm2q4n71lA6rGtIST3WFI6dTc5zLHfBHmaDHpedf22 Tej4bYV8N+PWbSDjeV7K5B+DzJo2enDByb6t8bBCmnZFI5bFAiJgjdyp0o+tGOv7m60W 88wcucm2+KzfMyJq1GtL3sd/sfS5Hdd4LcabVBGpU44FmfdTFZivXT6lTRMkvDiqoHwG ZwEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="Gzvl1l/q"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e19si3192937edr.91.2021.02.15.07.49.40; Mon, 15 Feb 2021 07:50:03 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="Gzvl1l/q"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231868AbhBOPs2 (ORCPT + 99 others); Mon, 15 Feb 2021 10:48:28 -0500 Received: from mail.kernel.org ([198.145.29.99]:46702 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231229AbhBOPbU (ORCPT ); Mon, 15 Feb 2021 10:31:20 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 0F3BC64DEE; Mon, 15 Feb 2021 15:29:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1613402951; bh=a9M9lhYevYf3bgK1smEiT/lV8oOTA61upZQtQADeO/o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Gzvl1l/qV8CYepCXg/ptvsZy1OWtWXWmozJS6WeewB90g48yP0y0srcgMrPoN6qnO nZD6Pf5bQbANmgRtEny+jua/LCJq9UpXoz3O6KrmJxaMWAzXHOMSI78P8doVAy+NiR jK9HyZ7fSZSqw8jusxGdro+hbvPCs7zwZ8tzjyvc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sven Auhagen , Pablo Neira Ayuso , Sasha Levin Subject: [PATCH 5.4 31/60] netfilter: flowtable: fix tcp and udp header checksum update Date: Mon, 15 Feb 2021 16:27:19 +0100 Message-Id: <20210215152716.345059700@linuxfoundation.org> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210215152715.401453874@linuxfoundation.org> References: <20210215152715.401453874@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sven Auhagen [ Upstream commit 8d6bca156e47d68551750a384b3ff49384c67be3 ] When updating the tcp or udp header checksum on port nat the function inet_proto_csum_replace2 with the last parameter pseudohdr as true. This leads to an error in the case that GRO is used and packets are split up in GSO. The tcp or udp checksum of all packets is incorrect. The error is probably masked due to the fact the most network driver implement tcp/udp checksum offloading. It also only happens when GRO is applied and not on single packets. The error is most visible when using a pppoe connection which is not triggering the tcp/udp checksum offload. Fixes: ac2a66665e23 ("netfilter: add generic flow table infrastructure") Signed-off-by: Sven Auhagen Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin --- net/netfilter/nf_flow_table_core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 128245efe84ab..e05e5df803d68 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -354,7 +354,7 @@ static int nf_flow_nat_port_tcp(struct sk_buff *skb, unsigned int thoff, return -1; tcph = (void *)(skb_network_header(skb) + thoff); - inet_proto_csum_replace2(&tcph->check, skb, port, new_port, true); + inet_proto_csum_replace2(&tcph->check, skb, port, new_port, false); return 0; } @@ -371,7 +371,7 @@ static int nf_flow_nat_port_udp(struct sk_buff *skb, unsigned int thoff, udph = (void *)(skb_network_header(skb) + thoff); if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { inet_proto_csum_replace2(&udph->check, skb, port, - new_port, true); + new_port, false); if (!udph->check) udph->check = CSUM_MANGLED_0; } -- 2.27.0