Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp5065988pxb; Mon, 15 Feb 2021 08:36:47 -0800 (PST) X-Google-Smtp-Source: ABdhPJz0Q2vsvTXuxfQslx5RCHvBLzX3ZhcvYN59tuyp7LlEUeqBPvXYYev18fZJF9z85N/noKvY X-Received: by 2002:a17:907:78d5:: with SMTP id kv21mr16426578ejc.461.1613407006826; Mon, 15 Feb 2021 08:36:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1613407006; cv=none; d=google.com; s=arc-20160816; b=fhRTvzX+KTiQ/rr4jWiqYRQ6/8FgiAO48eWY/F2T09adfzeECsCz7ikzoGU2l/bCBs 9ZuBu431GExq86bAereU4Fq+N26VkaFh/VbdwL0nMYX1LauzlRMWnjhu8nOUZYKp+zL0 BvazsN6jeGHJd7DYwkttkHL6aHwlzndMDFnWzGloRWMpwsgVsAyuB2Srq1CX0/LkAP9e Orwjf7xCrA068Yn52ZZI+zlu/3LfmzO6hIMA8eaDuY2NuyZQu1U7oXnqT8Q5DblCMSDT UaJ488HR5UeEisds+Se3dtkLEWqGJ+npZScot6ga+aeChdcPV9Ap51hNyHjHIuBd7gVZ ciDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=d+JV9MxnxcZf0dtysZ65Qv2LfCsGr3S4pMUTNsnE6Cc=; b=rR3JOC+g9z+IioHLrRC7WNrztLW0w3dNfQEQAi8s1xEsk5zuoFIPUdaP2TX9sffDxG WPYOYifuh8By3RyB3bnuJJ4msbaVky8AdbTS5+DeXy0lsUf9vwaLGTxWc4U7IheXVQ+w 3RIViUGKsfEvtg9S1A62LeYO5pl8exT0T9gGtjiy9x+JuktgHi0PQpDxzD2z8NC19QKg /6FIh4oovvtYWSux4TpwUjAQP1twQDriNVslZT6eGAdee4gjSR+k5hZeSQdK/npfg7KA XyA7RTIwVJyvsF8iOTt8V/1kLGVUqIDvdUhAH/pATH/0OX/KpnwMA22VCJRouUQ+LC8w WV3Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="JRN4k/jZ"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p10si4648413edx.456.2021.02.15.08.36.23; Mon, 15 Feb 2021 08:36:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="JRN4k/jZ"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231300AbhBOQfu (ORCPT + 99 others); Mon, 15 Feb 2021 11:35:50 -0500 Received: from mail.kernel.org ([198.145.29.99]:49598 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231466AbhBOPht (ORCPT ); Mon, 15 Feb 2021 10:37:49 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id CFBFE64E9D; Mon, 15 Feb 2021 15:33:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1613403186; bh=9ZiByKcGi3UbxYcYe6hBpPNXJ2Ra093phZ3dwHz1PHE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JRN4k/jZHZX2ANnPylLU1FQvd9sgel/aYWQYZuT7Q4/Hq2NK0nCF6uWR/NGcWyZLv Zspo8f3fgkIl9f2surAi42KXyXqMZ2+kqm2H2DWEjvAA7tBEk11eE478XTRb3xQWkX IkAmEbHWJJz5ZwdEsbS7qPsthUfBwhtVrPJuvVtA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sven Auhagen , Pablo Neira Ayuso , Sasha Levin Subject: [PATCH 5.10 060/104] netfilter: flowtable: fix tcp and udp header checksum update Date: Mon, 15 Feb 2021 16:27:13 +0100 Message-Id: <20210215152721.414262503@linuxfoundation.org> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210215152719.459796636@linuxfoundation.org> References: <20210215152719.459796636@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sven Auhagen [ Upstream commit 8d6bca156e47d68551750a384b3ff49384c67be3 ] When updating the tcp or udp header checksum on port nat the function inet_proto_csum_replace2 with the last parameter pseudohdr as true. This leads to an error in the case that GRO is used and packets are split up in GSO. The tcp or udp checksum of all packets is incorrect. The error is probably masked due to the fact the most network driver implement tcp/udp checksum offloading. It also only happens when GRO is applied and not on single packets. The error is most visible when using a pppoe connection which is not triggering the tcp/udp checksum offload. Fixes: ac2a66665e23 ("netfilter: add generic flow table infrastructure") Signed-off-by: Sven Auhagen Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin --- net/netfilter/nf_flow_table_core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 513f78db3cb2f..4a4acbba78ff7 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -399,7 +399,7 @@ static int nf_flow_nat_port_tcp(struct sk_buff *skb, unsigned int thoff, return -1; tcph = (void *)(skb_network_header(skb) + thoff); - inet_proto_csum_replace2(&tcph->check, skb, port, new_port, true); + inet_proto_csum_replace2(&tcph->check, skb, port, new_port, false); return 0; } @@ -415,7 +415,7 @@ static int nf_flow_nat_port_udp(struct sk_buff *skb, unsigned int thoff, udph = (void *)(skb_network_header(skb) + thoff); if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { inet_proto_csum_replace2(&udph->check, skb, port, - new_port, true); + new_port, false); if (!udph->check) udph->check = CSUM_MANGLED_0; } -- 2.27.0