Commit 4b4076ac authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: Fix ICMP checksumming in icmp_reply_translation()

The function returns before recalculating the checksum in some cases.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 8727ca83
...@@ -450,6 +450,13 @@ int icmp_reply_translation(struct sk_buff **pskb, ...@@ -450,6 +450,13 @@ int icmp_reply_translation(struct sk_buff **pskb,
!manip)) !manip))
return 0; return 0;
/* Reloading "inside" here since manip_pkt inner. */
inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;
inside->icmp.checksum = 0;
inside->icmp.checksum = csum_fold(skb_checksum(*pskb, hdrlen,
(*pskb)->len - hdrlen,
0));
/* Change outer to look the reply to an incoming packet /* Change outer to look the reply to an incoming packet
* (proto 0 means don't invert per-proto part). */ * (proto 0 means don't invert per-proto part). */
...@@ -468,13 +475,6 @@ int icmp_reply_translation(struct sk_buff **pskb, ...@@ -468,13 +475,6 @@ int icmp_reply_translation(struct sk_buff **pskb,
return 0; return 0;
} }
/* Reloading "inside" here since manip_pkt inner. */
inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;
inside->icmp.checksum = 0;
inside->icmp.checksum = csum_fold(skb_checksum(*pskb, hdrlen,
(*pskb)->len - hdrlen,
0));
return 1; return 1;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment