]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d7b4cb6) | patch
netfilter: conntrack: skip verification of zero UDP checksum
authorKevin Mitchell <kevmitch@arista.com>
Sat, 30 Apr 2022 03:40:27 +0000 (20:40 -0700)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 13 May 2022 16:56:28 +0000 (18:56 +0200)
commitf6bca4247c55abdd85d5f4476e66368f65b658de
tree287511e3eef2de3ab09b254d707966341b92b3d3tree | snapshot
parentd7b4cb63ee79761a596742ad2e303d5991e1931ecommit | diff
netfilter: conntrack: skip verification of zero UDP checksum

The checksum is optional for UDP packets. However nf_reject would
previously require a valid checksum to elicit a response such as
ICMP_DEST_UNREACH.

Add some logic to nf_reject_verify_csum to determine if a UDP packet has
a zero checksum and should therefore not be verified.

Signed-off-by: Kevin Mitchell <kevmitch@arista.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_reject.h diff | blob | history
net/ipv4/netfilter/nf_reject_ipv4.c diff | blob | history
net/ipv6/netfilter/nf_reject_ipv6.c diff | blob | history
Linux Kernel Source Tree.