Re: [PATCH] act_nat: the checksum of ICMP doesn't have pseudo header

From: Changli Gao
Date: Fri Jul 30 2010 - 06:10:47 EST

On Fri, Jul 30, 2010 at 5:09 PM, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
> On Fri, Jul 30, 2010 at 08:04:18AM +0800, Changli Gao wrote:
>> after updating the value of the ICMP payload, inet_proto_csum_replace4() should
>> be called with zero pseudohdr.
>> Signed-off-by: Changli Gao <xiaosuo@xxxxxxxxx>
> No, the code is correct as is.  We need to update the checksum
> even if the checksum is partial, which is what the 1 is for.

Is it really necessary, and I have noticed that netfilter doesn't call
inet_proto_csum_replace4 in this way.

static bool
icmp_manip_pkt(struct sk_buff *skb,
unsigned int iphdroff,
const struct nf_conntrack_tuple *tuple,
enum nf_nat_manip_type maniptype)
const struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
struct icmphdr *hdr;
unsigned int hdroff = iphdroff + iph->ihl*4;

if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
return false;

hdr = (struct icmphdr *)(skb->data + hdroff);
inet_proto_csum_replace2(&hdr->checksum, skb,
hdr->, tuple->, 0);
hdr-> = tuple->;
return true;


Changli Gao(xiaosuo@xxxxxxxxx)
