Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1538801pxb; Mon, 22 Feb 2021 04:50:20 -0800 (PST) X-Google-Smtp-Source: ABdhPJy4FyAiVDy6KtUGu98tO1u4gqlszBK6dgAqTGuhosSzqzf5uMqvMD1mBZ+AceCu7sYoSDU+ X-Received: by 2002:aa7:ccd4:: with SMTP id y20mr22542016edt.94.1613998220128; Mon, 22 Feb 2021 04:50:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1613998220; cv=none; d=google.com; s=arc-20160816; b=LRblmqIiau79cSgZyHIdRXKju4VoOBRXQvkCLoqtnNx9SsvRvgs9NlGlWCz9882w7u bmws7FIybCFEWC+2f3QR1EfZctn7iGxKsQRttfyCqJAdEJYoYzmq+imyKHcrQGXf/upU 5UL/SqhmjdrL/bPxwm9OfxJoMFk9X8H3BYYVYutclwH5RWqj4/apUeCajDPEghv65T1S 1EFacIVEkz8FdfvvzPlQ3jJMwsJchcy65ENAM6RqnfPGEueV8stI2h2fc1Kd7TLpXa5X 9hOaWLMfG4UbW0A1QImF6GrS8W6xbi4gNLfLIJJNcQE9RWXFJZWgoy4RSbsiuekXCukJ FSBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=KPX2blh5thbuohJvu+Bz9InXx2aDJ5kpUQgNP/V0IZg=; b=gcpByrepMEDMZUp+924HSPMTEzfMQsKNZvzBuWASuCgRGL0O18uR6A05pDT+hpIw4X wGA4/+H0MJcU1bYuWmFwKWnVqSHstNKGLHStZU30mgl7CzAkFotWuq5DL/ol+D/U0GLV od/kJV3+HpNbPOKJSJ+9knmmvOlDOuOcy3Vsn50QrZYCDRFMNPXfy3Yp26DkEtGcETaC B6rd2d6OL2oXPmBBg+LtH4V2NPYSQY8Od3Cp2N2M92uXZBYbrHWp/JqO2MdQRGAj7wdx eBmHRN6QAq8SagEu+Ylrns8gWwIK4sN/wTJxyY6d3RK4jOnikPYZWZSsBqjub3E5sfaL tZlA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="P7DXP/nS"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gv9si2654803ejb.108.2021.02.22.04.49.57; Mon, 22 Feb 2021 04:50:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="P7DXP/nS"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231626AbhBVMrL (ORCPT + 99 others); Mon, 22 Feb 2021 07:47:11 -0500 Received: from mail.kernel.org ([198.145.29.99]:45328 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230459AbhBVMQn (ORCPT ); Mon, 22 Feb 2021 07:16:43 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id DA9FD64DA1; Mon, 22 Feb 2021 12:16:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1613996180; bh=BamTYaZvGkdzZKkD4YSrebbvBsR0uV5wr67NCAblK+s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=P7DXP/nS+DmIGOUoR9fntxMnPDWGTNZrtlg7dMapLFBIlgUCn7mRpDxWC6Rxef1+P Iv+Y/8esL9VgoiGs7XRZaJ785jjBA6bWLZuT89ZBXMvkOvBof60WROHuLGatxtH3ow rszYtkWuIPUhnYhS5/LtkyprAn4tTEGK8xixlxI0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sven Auhagen , Pablo Neira Ayuso , Sasha Levin Subject: [PATCH 4.19 19/50] netfilter: flowtable: fix tcp and udp header checksum update Date: Mon, 22 Feb 2021 13:13:10 +0100 Message-Id: <20210222121023.078460674@linuxfoundation.org> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210222121019.925481519@linuxfoundation.org> References: <20210222121019.925481519@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sven Auhagen [ Upstream commit 8d6bca156e47d68551750a384b3ff49384c67be3 ] When updating the tcp or udp header checksum on port nat the function inet_proto_csum_replace2 with the last parameter pseudohdr as true. This leads to an error in the case that GRO is used and packets are split up in GSO. The tcp or udp checksum of all packets is incorrect. The error is probably masked due to the fact the most network driver implement tcp/udp checksum offloading. It also only happens when GRO is applied and not on single packets. The error is most visible when using a pppoe connection which is not triggering the tcp/udp checksum offload. Fixes: ac2a66665e23 ("netfilter: add generic flow table infrastructure") Signed-off-by: Sven Auhagen Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin --- net/netfilter/nf_flow_table_core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 890799c16aa41..b3957fe7eced2 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -360,7 +360,7 @@ static int nf_flow_nat_port_tcp(struct sk_buff *skb, unsigned int thoff, return -1; tcph = (void *)(skb_network_header(skb) + thoff); - inet_proto_csum_replace2(&tcph->check, skb, port, new_port, true); + inet_proto_csum_replace2(&tcph->check, skb, port, new_port, false); return 0; } @@ -377,7 +377,7 @@ static int nf_flow_nat_port_udp(struct sk_buff *skb, unsigned int thoff, udph = (void *)(skb_network_header(skb) + thoff); if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { inet_proto_csum_replace2(&udph->check, skb, port, - new_port, true); + new_port, false); if (!udph->check) udph->check = CSUM_MANGLED_0; } -- 2.27.0