For translated packets do not adjust UDP checksum if it is zero.

In case when decrypted and decapsulated packet is an UDP datagram, check that its checksum is not zero before doing incremental checksum adjustment. Reported by: Eugene Grosbein Tested by: Eugene Grosbein
2017-02-18 19:53:37 +00:00 · 2017-02-18 19:53:37 +00:00 · fbed6d606a
commit fbed6d606a
parent dc3c93a954
1 changed files with 3 additions and 0 deletions
--- a/sys/netipsec/udpencap.c
+++ b/sys/netipsec/udpencap.c
@ -266,6 +266,9 @@ udp_ipsec_adjust_cksum(struct mbuf *m, struct secasvar *sav, int proto,
 			/* Incrementally recompute. */
 			m_copydata(m, skip + off, sizeof(cksum),
 			    (caddr_t)&cksum);
+			/* Do not adjust UDP checksum if it is zero. */
+			if (proto == IPPROTO_UDP && cksum == 0)
+				return;
 			cksum = in_addword(cksum, sav->natt->cksum);
 		} else {
 			/* No OA from IKEd. */