From nobody Thu May 21 21:21:57 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gM1ZF6r6Pz6f0DL for ; Thu, 21 May 2026 21:21:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gM1ZF3h5fz3DV1 for ; Thu, 21 May 2026 21:21:57 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1779398517; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bYGVVBZdYzQkT3p6P2J8NkWGStuIOv3ljrTWdfXi790=; b=FpsAGEHhQ0zqXaEgregqbS4rQ0QtUKqkiye3o7w/XEAhl9xR+IcKFZMvu5SXTIxgq0d7Tg irSOhNItv8v78g67Lci58AoBmquq+DibRbs+5ANq9NJPk0NrnGQJMitC4becQcIGJTcCHX NbNzcRPuCjsg22kTuaWYV+J9AFnlO7E5dIeG3wLXmF0pFm8YNFirWZBKGdjwcIm97RFM7W PLqX8KbFvtFploDASzYWHgqa4VyxLPZCHj881NAJgmmIRHwbbckR7Butby1/ogYvbMXWyn ff/LKrkAa0wtGH8lRxy5DpNweS3pPJwa49ifhi0ChO3RKMtQbcpdJCxYz6cyVw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1779398517; a=rsa-sha256; cv=none; b=NkgWE+vN+Zles4ZRUU4B6RACFnkblHiFPiAXGrNJJWNm39IArnkGej24gT+XxLJbNUe5dQ QAzD641xUFuoFY/dZKpIP8LB1j855gXjdVjXtZC5jbX5d2t+Gj+LXTBbHqDo2rnb7OrbKI QKzCsK1eoZprAfq8OvsAitkzeBcZqnJ+BrJdo8ZKTXTT4pDsJTjPQ7m3BSP5cr7XQfVXns 4pzvAqd+9OEcL148LQo0KnmFLloMfyVMQ2kX6p1l3H8ibyEa5ljk54o1TzDKtRMkJvwGiP Z4tar1wpEdOR6gzNs4MR+TvLl9FbIU17y9Bx1/MFxP1CMq/U4IKQL9LoedMtpg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1779398517; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bYGVVBZdYzQkT3p6P2J8NkWGStuIOv3ljrTWdfXi790=; b=Ce1oQmAo7DKTHPnfTVBvyxHrGEl1T38HRY5Mcfv63LO62AnyV+S/4K4s7u/3FDhrbcP5DU UYv6sVvvgEOXt3RuGyJbJ5g2449Ex6VEfpRQrSPzvTIdeMgK1pw99b6Ev+k7YkNZZtdk4A YgrQ3PhB6UYuR6goeD2ohDz/HpbHv/h0mdXLvvfHDDIS/h/s35NzjYz/ZAuhVugRKgsc46 PLbW5WXQUXlE4PfKkzH8qfDTRXQZJF7bCpsJZdX+grw1hd8FZ4AWtGUFzYui5WK3cvCYSb DJRT6F/R6jsn5Q+w8mlyRhajLdnQ8Ht6+TQgNJ75ehxM40B7PZsVKhG6K8i2Tw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gM1ZF2wHRzqSn for ; Thu, 21 May 2026 21:21:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1d3b8 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 21 May 2026 21:21:57 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Timo =?utf-8?Q?V=C3=B6lker?= From: Colin Percival Subject: git: 78de09e1412e - releng/15.1 - ipfw: fix checksum after NAT List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.1 X-Git-Reftype: branch X-Git-Commit: 78de09e1412e2e720a2391457f65717248bad4f4 Auto-Submitted: auto-generated Date: Thu, 21 May 2026 21:21:57 +0000 Message-Id: <6a0f7775.1d3b8.10b4c85b@gitrepo.freebsd.org> The branch releng/15.1 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=78de09e1412e2e720a2391457f65717248bad4f4 commit 78de09e1412e2e720a2391457f65717248bad4f4 Author: Timo Völker AuthorDate: 2026-05-21 10:54:44 +0000 Commit: Colin Percival CommitDate: 2026-05-21 21:21:05 +0000 ipfw: fix checksum after NAT When checksum offloading is used, IPFW needs to fix the checksum after libalias has done NAT. The ipfw_nat() function does so, but only for mbufs without a receiving interface. However, if, for example, the packet was sent inside a jail that used checksum offloading over an epair, ipfw still needs to fix the checksum even though the mbuf has set a receiving interface (epair). This patch just removes the check whether a receiving interface is set. Approved by: re (cperciva) PR: 295057 Reviewed by: tuexen Differential Revision: https://reviews.freebsd.org/D57091 (cherry picked from commit 81b47a7c604f1d563283759572fa7a1f9d4dc56f) (cherry picked from commit 198379d2c29fae7300b650a96199e51a66b87364) --- sys/netpfil/ipfw/ip_fw_nat.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/sys/netpfil/ipfw/ip_fw_nat.c b/sys/netpfil/ipfw/ip_fw_nat.c index 8bd27f6885ab..34e60edfc4a5 100644 --- a/sys/netpfil/ipfw/ip_fw_nat.c +++ b/sys/netpfil/ipfw/ip_fw_nat.c @@ -311,17 +311,17 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m) /* * XXX - Libalias checksum offload 'duct tape': * - * locally generated packets have only pseudo-header checksum - * calculated and libalias will break it[1], so mark them for - * later fix. Moreover there are cases when libalias modifies + * When checksum offloading is used, packets contain only the + * pseudo-header checksum and libalias will break it[1], so mark them + * for later fix. Moreover there are cases when libalias modifies * tcp packet data[2], mark them for later fix too. * * [1] libalias was never meant to run in kernel, so it does * not have any knowledge about checksum offloading, and * expects a packet with a full internet checksum. - * Unfortunately, packets generated locally will have just the - * pseudo header calculated, and when libalias tries to adjust - * the checksum it will actually compute a wrong value. + * Unfortunately, when checksum offloading is used, packets will + * contain just the pseudo-header checksum, and when libalias tries to + * adjust the checksum it will actually compute a wrong value. * * [2] when libalias modifies tcp's data content, full TCP * checksum has to be recomputed: the problem is that @@ -340,8 +340,7 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m) * it can handle delayed checksum and tso) */ - if (mcl->m_pkthdr.rcvif == NULL && - mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA) + if (mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA) ldt = 1; c = mtod(mcl, char *);