Skip to content

Commit

Permalink
act_nat: fix the wrong checksum when addr isn't in old_addr/mask
Browse files Browse the repository at this point in the history 
fix the wrong checksum when addr isn't in old_addr/mask

For TCP and UDP packets, when addr isn't in old_addr/mask we don't do SNAT or
DNAT, and we should not update layer 4 checksum.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
----
 net/sched/act_nat.c |    4 ++++
 1 file changed, 4 insertions(+)
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Changli Gao authored and David S. Miller committed Jun 2, 2010
1 parent e3fe855 commit 33c29dd
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions net/sched/act_nat.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -159,6 +159,9 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
iph->daddr = new_addr;

csum_replace4(&iph->check, addr, new_addr);
} else if ((iph->frag_off & htons(IP_OFFSET)) ||
iph->protocol != IPPROTO_ICMP) {
goto out;
}

ihl = iph->ihl * 4;
Expand Down Expand Up @@ -247,6 +250,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
break;
}

out:
return action;

drop:
Expand Down

0 comments on commit 33c29dd

Please sign in to comment.