projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3412e16) | patch
netfilter: conntrack: skip verification of zero UDP checksum
authorKevin Mitchell <kevmitch@arista.com>
Sat, 30 Apr 2022 03:40:27 +0000 (20:40 -0700)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 13 May 2022 16:56:28 +0000 (18:56 +0200)
commit4f9bd53084d18c2f9f1ec68fa56587b99a2cef00
tree287511e3eef2de3ab09b254d707966341b92b3d3tree | snapshot
parent3412e16418286bdc12561827cbd22f94cb8af5e1commit | diff
netfilter: conntrack: skip verification of zero UDP checksum

The checksum is optional for UDP packets. However nf_reject would
previously require a valid checksum to elicit a response such as
ICMP_DEST_UNREACH.

Add some logic to nf_reject_verify_csum to determine if a UDP packet has
a zero checksum and should therefore not be verified.

Signed-off-by: Kevin Mitchell <kevmitch@arista.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_reject.h diff | blob | history
net/ipv4/netfilter/nf_reject_ipv4.c diff | blob | history
net/ipv6/netfilter/nf_reject_ipv6.c diff | blob | history
ep93xx device tree rework repo: git://git.maquefel.me/linux.git