Commit 6bac76db authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso

netfilter: nat: fix udp checksum corruption

Due to copy&paste error nf_nat_mangle_udp_packet passes IPPROTO_TCP,
resulting in incorrect udp checksum when payload had to be mangled.

Fixes: dac3fe72 ("netfilter: nat: remove csum_recalc hook")
Reported-by: default avatarMarc Haber <mh+netdev@zugschlus.de>
Tested-by: default avatarMarc Haber <mh+netdev@zugschlus.de>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 82ce6eb1
...@@ -170,7 +170,7 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb, ...@@ -170,7 +170,7 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb,
if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL) if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)
return true; return true;
nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_TCP, nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_UDP,
udph, &udph->check, datalen, oldlen); udph, &udph->check, datalen, oldlen);
return true; return true;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment