[PATCH net] {pktgen, xfrm} re-caculate IPv4 checksum after transformation

[PATCH net] {pktgen, xfrm} re-caculate IPv4 checksum after transformation

[Fan Du]

I accidently observed incorrect IPv4 checksum by wireshark
when armming pktgen with IPsec by ESP transport mode with
following pktgen configuration:

pgset "flag IPSEC"
pgset "flows 1"

It seems that after transformation, IPv4 checksum remains the
origianl checksum as before, so encrypted packet will never
reach receiver's upper layer because of wrong IPv4 checksum
value.

Fix this by re-caculate checksum value.

Signed-off-by: Fan Du <fan.du@windriver.com>
---
 net/core/pktgen.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index 261357a..8d13b41 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -2786,6 +2786,8 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev,
 #ifdef CONFIG_XFRM
 	if (!process_ipsec(pkt_dev, skb, protocol))
 		return NULL;
+	iph = ip_hdr(skb);
+	ip_send_check(iph);
 #endif
 
 	return skb;
-- 
1.7.9.5

Re: [PATCH net] {pktgen, xfrm} re-caculate IPv4 checksum after transformation

[David Miller]

From: Fan Du <fan.du@windriver.com>
Date: Fri, 29 Nov 2013 10:59:09 +0800

> @@ -2786,6 +2786,8 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev,
>  #ifdef CONFIG_XFRM
>  	if (!process_ipsec(pkt_dev, skb, protocol))
>  		return NULL;
> +	iph = ip_hdr(skb);
> +	ip_send_check(iph);
>  #endif

This is rediculous.  You're computing the checksum _twice_ unconditionally,
even if process_ipsec() does _nothing_.

Make process_ipsec() fix the checksum, but only if it actually does
something which makes the recomputation even necessary.

Thanks.