diff options
author | Filip Varga <fivarga@cisco.com> | 2019-10-21 18:18:00 +0200 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2019-10-28 10:56:49 +0000 |
commit | 0d75f783644a24b219ed79d9f9c17387783f67ca (patch) | |
tree | 1614401fb2cce079ef4d2441dd611322f531c8f1 /src/plugins/nat/nat_det_in2out.c | |
parent | 4aacc01f2ec95ff0a6bbc04c3c573ab5936c9489 (diff) |
nat: respect udp checksum
Type: fix
Change-Id: I73895fa0101bd50483160c8dc6faac2c67513077
Signed-off-by: Filip Varga <fivarga@cisco.com>
Diffstat (limited to 'src/plugins/nat/nat_det_in2out.c')
-rw-r--r-- | src/plugins/nat/nat_det_in2out.c | 69 |
1 files changed, 48 insertions, 21 deletions
diff --git a/src/plugins/nat/nat_det_in2out.c b/src/plugins/nat/nat_det_in2out.c index 918e1f5f9c0..832a2bae947 100644 --- a/src/plugins/nat/nat_det_in2out.c +++ b/src/plugins/nat/nat_det_in2out.c @@ -392,7 +392,8 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, } } - new_port0 = ses0->out.out_port; + old_port0 = udp0->src_port; + udp0->src_port = new_port0 = ses0->out.out_port; old_addr0.as_u32 = ip0->src_address.as_u32; ip0->src_address.as_u32 = new_addr0.as_u32; @@ -424,9 +425,6 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, && ses0->state == SNAT_SESSION_UNKNOWN) ses0->state = SNAT_SESSION_TCP_ESTABLISHED; - old_port0 = tcp0->src; - tcp0->src = new_port0; - sum0 = tcp0->checksum; sum0 = ip_csum_update (sum0, old_addr0.as_u32, new_addr0.as_u32, ip4_header_t, @@ -440,9 +438,20 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, else { ses0->state = SNAT_SESSION_UDP_ACTIVE; - old_port0 = udp0->src_port; - udp0->src_port = new_port0; - udp0->checksum = 0; + + if (PREDICT_FALSE (udp0->checksum)) + { + sum0 = udp0->checksum; + sum0 = + ip_csum_update (sum0, old_addr0.as_u32, new_addr0.as_u32, + ip4_header_t, + dst_address /* changed member */ ); + sum0 = + ip_csum_update (sum0, old_port0, new_port0, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); + } } switch (ses0->state) @@ -556,7 +565,8 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, } } - new_port1 = ses1->out.out_port; + old_port1 = udp1->src_port; + udp1->src_port = new_port1 = ses1->out.out_port; old_addr1.as_u32 = ip1->src_address.as_u32; ip1->src_address.as_u32 = new_addr1.as_u32; @@ -588,9 +598,6 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, && ses1->state == SNAT_SESSION_UNKNOWN) ses1->state = SNAT_SESSION_TCP_ESTABLISHED; - old_port1 = tcp1->src; - tcp1->src = new_port1; - sum1 = tcp1->checksum; sum1 = ip_csum_update (sum1, old_addr1.as_u32, new_addr1.as_u32, ip4_header_t, @@ -604,9 +611,20 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, else { ses1->state = SNAT_SESSION_UDP_ACTIVE; - old_port1 = udp1->src_port; - udp1->src_port = new_port1; - udp1->checksum = 0; + + if (PREDICT_FALSE (udp1->checksum)) + { + sum1 = udp1->checksum; + sum1 = + ip_csum_update (sum1, old_addr1.as_u32, new_addr1.as_u32, + ip4_header_t, + dst_address /* changed member */ ); + sum1 = + ip_csum_update (sum1, old_port1, new_port1, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp1->checksum = ip_csum_fold (sum1); + } } switch (ses1->state) @@ -756,7 +774,8 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, } } - new_port0 = ses0->out.out_port; + old_port0 = udp0->src_port; + udp0->src_port = new_port0 = ses0->out.out_port; old_addr0.as_u32 = ip0->src_address.as_u32; ip0->src_address.as_u32 = new_addr0.as_u32; @@ -788,9 +807,6 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, && ses0->state == SNAT_SESSION_UNKNOWN) ses0->state = SNAT_SESSION_TCP_ESTABLISHED; - old_port0 = tcp0->src; - tcp0->src = new_port0; - sum0 = tcp0->checksum; sum0 = ip_csum_update (sum0, old_addr0.as_u32, new_addr0.as_u32, ip4_header_t, @@ -804,9 +820,20 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, else { ses0->state = SNAT_SESSION_UDP_ACTIVE; - old_port0 = udp0->src_port; - udp0->src_port = new_port0; - udp0->checksum = 0; + + if (PREDICT_FALSE (udp0->checksum)) + { + sum0 = udp0->checksum; + sum0 = + ip_csum_update (sum0, old_addr0.as_u32, new_addr0.as_u32, + ip4_header_t, + dst_address /* changed member */ ); + sum0 = + ip_csum_update (sum0, old_port0, new_port0, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); + } } switch (ses0->state) |