svn commit: r313922 - head/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Sat Feb 18 19:53:39 UTC 2017
Author: ae
Date: Sat Feb 18 19:53:37 2017
New Revision: 313922
URL: https://svnweb.freebsd.org/changeset/base/313922
Log:
For translated packets do not adjust UDP checksum if it is zero.
In case when decrypted and decapsulated packet is an UDP datagram,
check that its checksum is not zero before doing incremental checksum
adjustment.
Reported by: Eugene Grosbein
Tested by: Eugene Grosbein
Modified:
head/sys/netipsec/udpencap.c
Modified: head/sys/netipsec/udpencap.c
==============================================================================
--- head/sys/netipsec/udpencap.c Sat Feb 18 19:19:08 2017 (r313921)
+++ head/sys/netipsec/udpencap.c Sat Feb 18 19:53:37 2017 (r313922)
@@ -266,6 +266,9 @@ udp_ipsec_adjust_cksum(struct mbuf *m, s
/* Incrementally recompute. */
m_copydata(m, skip + off, sizeof(cksum),
(caddr_t)&cksum);
+ /* Do not adjust UDP checksum if it is zero. */
+ if (proto == IPPROTO_UDP && cksum == 0)
+ return;
cksum = in_addword(cksum, sav->natt->cksum);
} else {
/* No OA from IKEd. */
More information about the svn-src-all
mailing list