• James Morris's avatar
    [NETFILTER]: Fix checksum bug for multicast/broadcast packets on postrouting hook. · b0f17170
    James Morris authored
    In a nutshell, skb checksum mangling has been removed from
    nf_hook_slow() and pushed up to whatever really needs to do it.
    
    Namely:  NAT, ip_fw_compat, ipt_TCPMSS, IPSec transforms.
    
    skb_checksum_help() has been changed to perform an skb_copy() if needed 
    (e.g. the original problem case where bcast/mcast was cloning packets for 
    transmission over loopback, changing ip_summed).
    
    Because of the above, the output path has been modified to take into 
    account the fact that an skb may need to be changed in some places.  There 
    are some minor changes in the routing code to take care of the now 
    different input and output function prototypes.  The ipv6 fragmentation 
    code has been modified to detect a changed skb.
    
    The rest of the patch (probably the bulk of it) is simply the result of 
    changing to double skb pointers.
    
    I've tested this with ipv4, ipv6, ipsec (including xfrm bundles), NAT and 
    the original DHCP test case.  Everything seems to be working ok.
    Signed-off-by: default avatarJames Morris <jmorris@redhat.com>
    Signed-off-by: default avatarDavid S. Miller <davem@redhat.com>
    b0f17170
ip.h 9.14 KB