Skip to content

Commit

Permalink
[IPSEC] esp: Remove NAT-T checksum invalidation for BEET
Browse files Browse the repository at this point in the history 
I pointed this out back when this patch was first proposed but it looks like
it got lost along the way.

The checksum only needs to be ignored for NAT-T in transport mode where
we lose the original inner addresses due to NAT.  With BEET the inner
addresses will be intact so the checksum remains valid.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Herbert Xu authored and David S. Miller committed Oct 10, 2007
1 parent f24e3d6 commit 8bd1707
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions net/ipv4/esp4.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -261,8 +261,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
* as per draft-ietf-ipsec-udp-encaps-06,
* section 3.1.2
*/
if (x->props.mode == XFRM_MODE_TRANSPORT ||
x->props.mode == XFRM_MODE_BEET)
if (x->props.mode == XFRM_MODE_TRANSPORT)
skb->ip_summed = CHECKSUM_UNNECESSARY;
}

Expand Down

0 comments on commit 8bd1707

Please sign in to comment.