Commit 1cc5f24f authored by James Morris's avatar James Morris Committed by David S. Miller

[IPVS]: IPVS needs checksum fixups.

Here's an additional patch for ipvs, which also mangles packets via 
netfilter and was previously depending on the checksum helper in 
nf_hook_slow().
Signed-of-by: default avatarJames Morris <jmorris@redhat.com>
Signed-of-by: default avatarDavid S. Miller <davem@redhat.com>
parent 62105cb5
...@@ -735,6 +735,13 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, ...@@ -735,6 +735,13 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
if (skb->nfcache & NFC_IPVS_PROPERTY) if (skb->nfcache & NFC_IPVS_PROPERTY)
return NF_ACCEPT; return NF_ACCEPT;
if (skb->ip_summed == CHECKSUM_HW) {
if (skb_checksum_help(pskb, (out == NULL)))
return NF_DROP;
if (skb != *pskb)
skb = *pskb;
}
iph = skb->nh.iph; iph = skb->nh.iph;
if (unlikely(iph->protocol == IPPROTO_ICMP)) { if (unlikely(iph->protocol == IPPROTO_ICMP)) {
int related, verdict = ip_vs_out_icmp(pskb, &related); int related, verdict = ip_vs_out_icmp(pskb, &related);
...@@ -974,6 +981,13 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb, ...@@ -974,6 +981,13 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb,
return NF_ACCEPT; return NF_ACCEPT;
} }
if (skb->ip_summed == CHECKSUM_HW) {
if (skb_checksum_help(pskb, (out == NULL)))
return NF_DROP;
if (skb != *pskb)
skb = *pskb;
}
iph = skb->nh.iph; iph = skb->nh.iph;
if (unlikely(iph->protocol == IPPROTO_ICMP)) { if (unlikely(iph->protocol == IPPROTO_ICMP)) {
int related, verdict = ip_vs_in_icmp(pskb, &related); int related, verdict = ip_vs_in_icmp(pskb, &related);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment