Clearance of checksum flags when decapsulating ESP packets
Dr. Rolf Jansen
rj at obsigna.com
Fri Sep 25 13:42:58 UTC 2015
Please, may I ask about the rationale behind the lines 1557 to 1562 in function udp4_espdecap() of file src/sys/netinet/udp_usrreq.c on FreeBSD 10.2-RELEASE-p3.
…
/*
* We cannot yet update the cksums so clear any
* h/w cksum flags as they are no longer valid.
*/
if (m->m_pkthdr.csum_flags & CSUM_DATA_VALID)
m->m_pkthdr.csum_flags &= ~(CSUM_DATA_VALID|CSUM_PSEUDO_HDR);
…
I am specially interested in learning about possibly adverse effects on operating an IPsec and IPsec-NAT-T enabled kernel when leaving the checksum flags in place, i.e. removing the above lines from the file src/sys/netinet/udp_usrreq.c.
Many thanks in advance for any enlightment.
Best regards
Rolf Jansen
More information about the freebsd-net
mailing list