git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	fan.du <fan.du@windriver.com>
	Sun, 1 Dec 2013 08:28:48 +0000 (16:28 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 8 Dec 2013 15:29:42 +0000 (07:29 -0800)
commit	d92c9bfeb1ea4167d77f6a2fc05d9897c96736aa
tree	e83e5dc7f559ac17721b2330eefe413284d77c19	tree \| snapshot
parent	8799b15a11fa940cba1e0085775eee5b6e6825d5	commit \| diff

{pktgen, xfrm} Update IPv4 header total len and checksum after tranformation

[ Upstream commit 3868204d6b89ea373a273e760609cb08020beb1a ]

commit a553e4a6317b2cfc7659542c10fe43184ffe53da ("[PKTGEN]: IPSEC support")
tried to support IPsec ESP transport transformation for pktgen, but acctually
this doesn't work at all for two reasons(The orignal transformed packet has
bad IPv4 checksum value, as well as wrong auth value, reported by wireshark)

- After transpormation, IPv4 header total length needs update,
because encrypted payload's length is NOT same as that of plain text.

- After transformation, IPv4 checksum needs re-caculate because of payload
has been changed.

With this patch, armmed pktgen with below cofiguration, Wireshark is able to
decrypted ESP packet generated by pktgen without any IPv4 checksum error or
auth value error.

pgset "flag IPSEC"
pgset "flows 1"

Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>