For translated packets do not adjust UDP checksum if it is zero.

In case when decrypted and decapsulated packet is an UDP datagram, check that its checksum is not zero before doing incremental checksum adjustment. Reported by: Eugene Grosbein Tested by: Eugene Grosbein
2017-02-18 19:53:37 +00:00 · 2017-02-18 19:53:37 +00:00 · a74c9ad083
commit a74c9ad083
parent 0a7efde9f0
1 changed files with 3 additions and 0 deletions
--- a/sys/netipsec/udpencap.c
+++ b/sys/netipsec/udpencap.c
@ -266,6 +266,9 @@ udp_ipsec_adjust_cksum(struct mbuf *m, struct secasvar *sav, int proto,
 			/* Incrementally recompute. */
 			m_copydata(m, skip + off, sizeof(cksum),
 			    (caddr_t)&cksum);
+			/* Do not adjust UDP checksum if it is zero. */
+			if (proto == IPPROTO_UDP && cksum == 0)
+				return;
 			cksum = in_addword(cksum, sav->natt->cksum);
 		} else {
 			/* No OA from IKEd. */