[PATCH] net/sched: act_nat: fix inner IP header checksum in ICMP error packets

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] net/sched: act_nat: fix inner IP header checksum in ICMP error packets
@ 2026-04-03 11:02 David Carlier
  2026-04-03 11:38 ` Eric Dumazet
  0 siblings, 1 reply; 3+ messages in thread
From: David Carlier @ 2026-04-03 11:02 UTC (permalink / raw)
  To: 'David S . Miller', Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, Simon Horman, Herbert Xu
  Cc: netdev, David Carlier, stable

Update the inner IP header checksum when rewriting addresses
inside ICMP error payloads, matching netfilter's nf_nat_ipv4_manip_pkt()
behavior.

Fixes: b4219952356b ("[PKT_SCHED]: Add stateless NAT")
Cc: stable@vger.kernel.org
Signed-off-by: David Carlier <devnexen@gmail.com>
---
 net/sched/act_nat.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index abb332dee836..cd1d299da57c 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -242,7 +242,9 @@ TC_INDIRECT_SCOPE int tcf_nat_act(struct sk_buff *skb,
 		new_addr &= mask;
 		new_addr |= addr & ~mask;
 
-		/* XXX Fix up the inner checksums. */
+		/* Update inner IP header checksum after address rewrite */
+		csum_replace4(&iph->check, addr, new_addr);
+
 		if (egress)
 			iph->daddr = new_addr;
 		else
-- 
2.53.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] net/sched: act_nat: fix inner IP header checksum in ICMP error packets
  2026-04-03 11:02 [PATCH] net/sched: act_nat: fix inner IP header checksum in ICMP error packets David Carlier
@ 2026-04-03 11:38 ` Eric Dumazet
  2026-04-03 11:47   ` David CARLIER
  0 siblings, 1 reply; 3+ messages in thread
From: Eric Dumazet @ 2026-04-03 11:38 UTC (permalink / raw)
  To: David Carlier
  Cc: David S . Miller, Jakub Kicinski, Paolo Abeni, Simon Horman,
	Herbert Xu, netdev, stable, Jamal Hadi Salim

On Fri, Apr 3, 2026 at 4:02 AM David Carlier <devnexen@gmail.com> wrote:
>
> Update the inner IP header checksum when rewriting addresses
> inside ICMP error payloads, matching netfilter's nf_nat_ipv4_manip_pkt()
> behavior.
>
> Fixes: b4219952356b ("[PKT_SCHED]: Add stateless NAT")
> Cc: stable@vger.kernel.org
> Signed-off-by: David Carlier <devnexen@gmail.com>
> ---
>  net/sched/act_nat.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
> index abb332dee836..cd1d299da57c 100644
> --- a/net/sched/act_nat.c
> +++ b/net/sched/act_nat.c
> @@ -242,7 +242,9 @@ TC_INDIRECT_SCOPE int tcf_nat_act(struct sk_buff *skb,
>                 new_addr &= mask;
>                 new_addr |= addr & ~mask;
>
> -               /* XXX Fix up the inner checksums. */
> +               /* Update inner IP header checksum after address rewrite */
> +               csum_replace4(&iph->check, addr, new_addr);
> +

~20 years old code, are we sure this fix is needed?
How was this patch was tested?

A selftest would be great.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] net/sched: act_nat: fix inner IP header checksum in ICMP error packets
  2026-04-03 11:38 ` Eric Dumazet
@ 2026-04-03 11:47   ` David CARLIER
  0 siblings, 0 replies; 3+ messages in thread
From: David CARLIER @ 2026-04-03 11:47 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: David S . Miller, Jakub Kicinski, Paolo Abeni, Simon Horman,
	Herbert Xu, netdev, stable, Jamal Hadi Salim

Hi eric,

On Fri, 3 Apr 2026 at 12:38, Eric Dumazet <edumazet@google.com> wrote:
>
> On Fri, Apr 3, 2026 at 4:02 AM David Carlier <devnexen@gmail.com> wrote:
> >
> > Update the inner IP header checksum when rewriting addresses
> > inside ICMP error payloads, matching netfilter's nf_nat_ipv4_manip_pkt()
> > behavior.
> >
> > Fixes: b4219952356b ("[PKT_SCHED]: Add stateless NAT")
> > Cc: stable@vger.kernel.org
> > Signed-off-by: David Carlier <devnexen@gmail.com>
> > ---
> >  net/sched/act_nat.c | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
> > index abb332dee836..cd1d299da57c 100644
> > --- a/net/sched/act_nat.c
> > +++ b/net/sched/act_nat.c
> > @@ -242,7 +242,9 @@ TC_INDIRECT_SCOPE int tcf_nat_act(struct sk_buff *skb,
> >                 new_addr &= mask;
> >                 new_addr |= addr & ~mask;
> >
> > -               /* XXX Fix up the inner checksums. */
> > +               /* Update inner IP header checksum after address rewrite */
> > +               csum_replace4(&iph->check, addr, new_addr);
> > +
>
> ~20 years old code, are we sure this fix is needed?
> How was this patch was tested?
>
> A selftest would be great.

Ok sounds fair

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-04-03 11:48 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-03 11:02 [PATCH] net/sched: act_nat: fix inner IP header checksum in ICMP error packets David Carlier
2026-04-03 11:38 ` Eric Dumazet
2026-04-03 11:47   ` David CARLIER

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox