[Bug 1742] using nfqueue breaks SCTP connection (tracking)
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Fri May 3 15:04:15 CEST 2024
https://bugzilla.netfilter.org/show_bug.cgi?id=1742
--- Comment #8 from Antonio Ojea <antonio.ojea.garcia at gmail.com> ---
It is the first time that I send a patch to the kernel so sorry in advance for
all the noise :)
Let me describe the situation, I think I didn't get right the problem, these
are the patches I sent
https://patchwork.ozlabs.org/project/netfilter-devel/list/?series=405380
I have a test in patch 2 that reproduces the problem, that I think is good
If I apply patch 1 IIUIC it skips skb_checksum_help() , this patch solves the
problem but does not seem right, does it?
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 00f4bd21c59b..428014aea396 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -600,6 +600,7 @@ nfqnl_build_packet_message(struct net *net, struct
nfqnl_instance *queue,
case NFQNL_COPY_PACKET:
if (!(queue->flags & NFQA_CFG_F_GSO) &&
entskb->ip_summed == CHECKSUM_PARTIAL &&
+ (skb_csum_is_sctp(entskb) && skb_crc32c_csum_help(entskb)) &&
skb_checksum_help(entskb))
return NULL;
If instead of an AND I use an OR
- skb_checksum_help(entskb))
+ ((skb_csum_is_sctp(entskb) &&
skb_crc32c_csum_help(entskb)) ||
+ skb_checksum_help(entskb)))
now the test fails ... so it seems the problem is skb_checksum_help() ??
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240503/40c64460/attachment.html>
More information about the netfilter-buglog
mailing list