git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 9 Sep 2024 10:48:33 +0000 (12:48 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 10 Sep 2024 13:52:38 +0000 (15:52 +0200)
commit	f89abfb4068d31f7279cae298abf25e0c077d2d3
tree	3be03be64df0a6d00fa99809dd7e39a74d1afdbb	tree
parent	a1365628eaa73199aab32bda06c9ddd446613849	commit \| diff

proto: use NFT_PAYLOAD_L4CSUM_PSEUDOHDR flag to mangle UDP checksum

There are two mechanisms to update the UDP checksum field:

1) _CSUM_TYPE and _CSUM_OFFSET which specify the type of checksum
(e.g. inet) and offset where it is located.
2) use NFT_PAYLOAD_L4CSUM_PSEUDOHDR flag to use layer 4 kernel
protocol parser.

The problem with 1) is that it is inconditional, that is, csum_type and
csum_offset cannot deal with zero UDP checksum.

Use NFT_PAYLOAD_L4CSUM_PSEUDOHDR flag instead since it relies on the
layer 4 kernel parser which skips updating zero UDP checksum.

Extend test coverage for the UDP mangling with and without zero
checksum.

Fixes: e6c9174e13b2 ("proto: add checksum key information to struct proto_desc")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/netlink_linearize.c		diff \| blob \| blame \| history
src/proto.c		diff \| blob \| blame \| history
tests/shell/testcases/packetpath/payload		diff \| blob \| blame \| history