[Xen-devel] [PATCH] [BUG 447] Fix checksum errors when DNAT modifies port numbers

[James Dykman <dykman@xxxxxxxxxx>]

The NAT checksum fixes in patches/linux-2.6.16-rc2/net-csum.patch do not 
work when port numbers are modified (bug 447).
tcp_manip_pkt()/udp_manip_pkt() modify the protocol checksum to reflect 
the changes to ip addresses and port numbers.
When dev_queue_xmit() finds a message with proto_csum_blank set, it 
calculates a new tcp/udp checksum that includes
both the modified port numbers and the modified protocol checksum field... 
so the change to the port numbers affects the
protocol checksum twice. 

This patch modifies net-csum.patch to remove the checksum mangling for 
port numbers in tcp_manip_pkt()/udp_manip_pkt()

Jim

Signed-off-by: Jim Dykman <dykman@xxxxxxxxxx>

diff -r 57e6d7218427 patches/linux-2.6.16-rc2/net-csum.patch
--- a/patches/linux-2.6.16-rc2/net-csum.patch   Fri Feb  3 18:45:14 2006
+++ b/patches/linux-2.6.16-rc2/net-csum.patch   Wed Feb  8 13:37:28 2006
@@ -1,16 +1,14 @@
 diff -pruN 
../pristine-linux-2.6.16-rc1-git4/net/ipv4/netfilter/ip_nat_proto_tcp.c 
./net/ipv4/netfilter/ip_nat_proto_tcp.c
 --- 
../pristine-linux-2.6.16-rc1-git4/net/ipv4/netfilter/ip_nat_proto_tcp.c 
2006-02-02 17:39:51.000000000 +0000
 +++ ./net/ipv4/netfilter/ip_nat_proto_tcp.c    2006-02-02 
17:44:18.000000000 +0000
-@@ -129,10 +129,16 @@ tcp_manip_pkt(struct sk_buff **pskb,
+@@ -129,10 +129,14 @@ tcp_manip_pkt(struct sk_buff **pskb,
        if (hdrsize < sizeof(*hdr))
                return 1;

 -      hdr->check = ip_nat_cheat_check(~oldip, newip,
 +      if ((*pskb)->proto_csum_blank) {
-+              hdr->check = ip_nat_cheat_check(oldip, ~newip,
-+                              ip_nat_cheat_check(oldport ^ 0xFFFF,
-+                                      newport, hdr->check));
-+      } else {
++              hdr->check = ip_nat_cheat_check(oldip, ~newip, 
hdr->check);
++      } else {
 +              hdr->check = ip_nat_cheat_check(~oldip, newip,
                                        ip_nat_cheat_check(oldport ^ 
0xFFFF,
                                                           newport,
@@ -18,22 +16,19 @@
 +      }
        return 1;
  }
-
+
 diff -pruN 
../pristine-linux-2.6.16-rc1-git4/net/ipv4/netfilter/ip_nat_proto_udp.c 
./net/ipv4/netfilter/ip_nat_proto_udp.c
 --- 
../pristine-linux-2.6.16-rc1-git4/net/ipv4/netfilter/ip_nat_proto_udp.c 
2006-02-02 17:39:51.000000000 +0000
 +++ ./net/ipv4/netfilter/ip_nat_proto_udp.c    2006-02-02 
17:44:18.000000000 +0000
-@@ -113,11 +113,19 @@ udp_manip_pkt(struct sk_buff **pskb,
+@@ -113,11 +113,16 @@ udp_manip_pkt(struct sk_buff **pskb,
                newport = tuple->dst.u.udp.port;
                portptr = &hdr->dest;
        }
 -      if (hdr->check) /* 0 is a special case meaning no checksum */
 -              hdr->check = ip_nat_cheat_check(~oldip, newip,
-+
 +      if (hdr->check) { /* 0 is a special case meaning no checksum */
 +              if ((*pskb)->proto_csum_blank) {
-+                      hdr->check = ip_nat_cheat_check(oldip, ~newip,
-+                                      ip_nat_cheat_check(*portptr ^ 
0xFFFF,
-+                                              newport, hdr->check));
++                      hdr->check = ip_nat_cheat_check(oldip, ~newip, 
hdr->check);
 +              } else {
 +                      hdr->check = ip_nat_cheat_check(~oldip, newip,
                                        ip_nat_cheat_check(*portptr ^ 
0xFFFF,

bug447.patch
Description: Binary data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel