Revert "netfilter: conntrack: mark UDP zero checksum as CHECKSUM_UNNECESSARY"

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This reverts commit 5bed9f3f63f8f9d2b1758c24640cbf77b5377511.

Gal Presman says:
this patch broke geneve tunnels, or possibly all udp tunnels?
A simple test that creates two geneve tunnels and runs tcp iperf fails
and results in checksum errors (TcpInCsumErrors).

Original commit wanted to fix nf_reject with zero checksum,
so it appears better to change nf reject infra instead.

Fixes: 5bed9f3f63f8f ("netfilter: conntrack: mark UDP zero checksum as CHECKSUM_UNNECESSARY")
Reported-by: Gal Pressman <gal@nvidia.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by

Pablo Neira Ayuso 4 years ago bbfbf7a5 ef132dc4

+1 -3

1 changed file

expand all

net

netfilter

nf_conntrack_proto_udp.c

+1 -3

net/netfilter/nf_conntrack_proto_udp.c

··· 63 63 } 64 64 65 65 /* Packet with no checksum */ 66 - if (!hdr->check) { 67 - skb->ip_summed = CHECKSUM_UNNECESSARY; 66 + if (!hdr->check) 68 67 return false; 69 - } 70 68 71 69 /* Checksum invalid? Ignore. 72 70 * We skip checking packets on the outgoing path