svn commit: r363888 - head/sys/netpfil/ipfw/nat64

Wed Aug 5 09:16:36 UTC 2020

Author: ae
Date: Wed Aug  5 09:16:35 2020
New Revision: 363888
URL: https://svnweb.freebsd.org/changeset/base/363888

Log:
  Handle delayed checksums if needed in NAT64.
  
  Upper level protocols defer checksums calculation in hope we have
  checksums offloading in a network card. CSUM_DELAY_DATA flag is used
  to determine that checksum calculation was deferred. And IP output
  routine checks for this flag before pass mbuf to lower layer. Forwarded
  packets have not this flag.
  
  NAT64 uses checksums adjustment when it translates IP headers.
  In most cases NAT64 is used for forwarded packets, but in case when it
  handles locally originated packets we need to finish checksum calculation
  that was deferred to correctly adjust it.
  
  Add check for presence of CSUM_DELAY_DATA flag and finish checksum
  calculation before adjustment.
  
  Reported and tested by:	Evgeniy Khramtsov <evgeniy at khramtsov org>
  MFC after:	1 week

Modified:
  head/sys/netpfil/ipfw/nat64/nat64_translate.c

Modified: head/sys/netpfil/ipfw/nat64/nat64_translate.c
==============================================================================

--- head/sys/netpfil/ipfw/nat64/nat64_translate.c	Wed Aug  5 08:31:26 2020	(r363887)
+++ head/sys/netpfil/ipfw/nat64/nat64_translate.c	Wed Aug  5 09:16:35 2020	(r363888)
@@ -1294,6 +1294,12 @@ nat64_do_handle_ip4(struct mbuf *m, struct in6_addr *s
 		ip6.ip6_hlim -= IPTTLDEC;
 	ip6.ip6_plen = htons(plen);
 	ip6.ip6_nxt = (proto == IPPROTO_ICMP) ? IPPROTO_ICMPV6: proto;
+
+	/* Handle delayed checksums if needed. */
+	if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
+		in_delayed_cksum(m);
+		m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
+	}
 	/* Convert checksums. */
 	switch (proto) {
 	case IPPROTO_TCP:
@@ -1665,6 +1671,12 @@ nat64_do_handle_ip6(struct mbuf *m, uint32_t aaddr, ui
 		return (NAT64RETURN);
 	}
 	nat64_init_ip4hdr(ip6, frag, plen, proto, &ip);
+
+	/* Handle delayed checksums if needed. */
+	if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) {
+		in6_delayed_cksum(m, plen, hlen);
+		m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6;
+	}
 	/* Convert checksums. */
 	switch (proto) {
 	case IPPROTO_TCP:
