@@ -686,10 +686,9 @@ reverse_nat_packet(struct dp_packet *pkt, const struct conn *conn)
&conn->key.dst.addr.ipv6, true);
}
reverse_pat_packet(pkt, conn);
- uint32_t icmp6_csum = packet_csum_pseudoheader6(nh6);
icmp6->icmp6_base.icmp6_cksum = 0;
- icmp6->icmp6_base.icmp6_cksum = csum_finish(
- csum_continue(icmp6_csum, icmp6, tail - (char *) icmp6 - pad));
+ icmp6->icmp6_base.icmp6_cksum = packet_csum_upperlayer6(nh6, icmp6,
+ IPPROTO_ICMPV6, tail - (char *) icmp6 - pad);
}
pkt->l3_ofs = orig_l3_ofs;
pkt->l4_ofs = orig_l4_ofs;
@@ -1591,19 +1590,14 @@ static inline bool
checksum_valid(const struct conn_key *key, const void *data, size_t size,
const void *l3)
{
- uint32_t csum = 0;
-
if (key->dl_type == htons(ETH_TYPE_IP)) {
- csum = packet_csum_pseudoheader(l3);
+ uint32_t csum = packet_csum_pseudoheader(l3);
+ return csum_finish(csum_continue(csum, data, size)) == 0;
} else if (key->dl_type == htons(ETH_TYPE_IPV6)) {
- csum = packet_csum_pseudoheader6(l3);
+ return packet_csum_upperlayer6(l3, data, key->nw_proto, size) == 0;
} else {
return false;
}
-
- csum = csum_continue(csum, data, size);
-
- return csum_finish(csum) == 0;
}
static inline bool
@@ -3261,16 +3255,14 @@ handle_ftp_ctl(struct conntrack *ct, const struct conn_lookup_ctx *ctx,
}
th->tcp_csum = 0;
- uint32_t tcp_csum;
if (ctx->key.dl_type == htons(ETH_TYPE_IPV6)) {
- tcp_csum = packet_csum_pseudoheader6(nh6);
+ th->tcp_csum = packet_csum_upperlayer6(nh6, th, ctx->key.nw_proto,
+ dp_packet_l4_size(pkt));
} else {
- tcp_csum = packet_csum_pseudoheader(l3_hdr);
+ uint32_t tcp_csum = packet_csum_pseudoheader(l3_hdr);
+ th->tcp_csum = csum_finish(
+ csum_continue(tcp_csum, th, dp_packet_l4_size(pkt)));
}
- const char *tail = dp_packet_tail(pkt);
- uint8_t pad = dp_packet_l2_pad_size(pkt);
- th->tcp_csum = csum_finish(
- csum_continue(tcp_csum, th, tail - (char *) th - pad));
if (seq_skew) {
conn_seq_skew_set(ct, &ec->key, now, seq_skew + ec->seq_skew,
It is a day one issue that got copied to subsequent code. Fixes: a489b16854b5 ("conntrack: New userspace connection tracker.") Fixes: bd5e81a0e596 ("Userspace Datapath: Add ALG infra and FTP.") CC: Daniele Di Proietto <diproiettod@ovn.org> Signed-off-by: Darrell Ball <dlu998@gmail.com> --- Fix will need to be backported as far back as 2.6 and the fix will need separate patches for some earlier releases, which I will do. v2: Fix compiler warnings. Split out from another series; this is version 2 of this patch itself. lib/conntrack.c | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-)