From: Changli Gao <xiaosuo@gmail.com>
To: Jamal Hadi Salim <hadi@cyberus.ca>
Cc: "David S. Miller" <davem@davemloft.net>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Changli Gao <xiaosuo@gmail.com>
Subject: [PATCH] act_nat: fix the wrong checksum when addr isn't in old_addr/mask
Date: Sat, 29 May 2010 18:41:51 +0800 [thread overview]
Message-ID: <1275129711-21486-1-git-send-email-xiaosuo@gmail.com> (raw)
fix the wrong checksum when addr isn't in old_addr/mask
When addr isn't in old_addr/mask we don't do SNAT or DNAT, and we should not
update the checksum too.
Signed-off-by: Changli Gao <xiaosuo@gmail.com>
----
net/sched/act_nat.c | 32 +++++++++++++++++---------------
1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index d885ba3..f9b12a9 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -142,24 +142,25 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
else
addr = iph->daddr;
- if (!((old_addr ^ addr) & mask)) {
- if (skb_cloned(skb) &&
- !skb_clone_writable(skb, sizeof(*iph)) &&
- pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
- goto drop;
+ if ((old_addr ^ addr) & mask)
+ goto out;
- new_addr &= mask;
- new_addr |= addr & ~mask;
+ if (skb_cloned(skb) &&
+ !skb_clone_writable(skb, sizeof(*iph)) &&
+ pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
+ goto drop;
- /* Rewrite IP header */
- iph = ip_hdr(skb);
- if (egress)
- iph->saddr = new_addr;
- else
- iph->daddr = new_addr;
+ new_addr &= mask;
+ new_addr |= addr & ~mask;
- csum_replace4(&iph->check, addr, new_addr);
- }
+ /* Rewrite IP header */
+ iph = ip_hdr(skb);
+ if (egress)
+ iph->saddr = new_addr;
+ else
+ iph->daddr = new_addr;
+
+ csum_replace4(&iph->check, addr, new_addr);
ihl = iph->ihl * 4;
@@ -247,6 +248,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
break;
}
+out:
return action;
drop:
reply other threads:[~2010-05-29 10:41 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1275129711-21486-1-git-send-email-xiaosuo@gmail.com \
--to=xiaosuo@gmail.com \
--cc=davem@davemloft.net \
--cc=hadi@cyberus.ca \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).