From 0d75f783644a24b219ed79d9f9c17387783f67ca Mon Sep 17 00:00:00 2001 From: Filip Varga Date: Mon, 21 Oct 2019 18:18:00 +0200 Subject: nat: respect udp checksum Type: fix Change-Id: I73895fa0101bd50483160c8dc6faac2c67513077 Signed-off-by: Filip Varga --- src/plugins/nat/nat_det_in2out.c | 69 ++++++++++++++++++++++++++++------------ 1 file changed, 48 insertions(+), 21 deletions(-) (limited to 'src/plugins/nat/nat_det_in2out.c') diff --git a/src/plugins/nat/nat_det_in2out.c b/src/plugins/nat/nat_det_in2out.c index 918e1f5f9c0..832a2bae947 100644 --- a/src/plugins/nat/nat_det_in2out.c +++ b/src/plugins/nat/nat_det_in2out.c @@ -392,7 +392,8 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, } } - new_port0 = ses0->out.out_port; + old_port0 = udp0->src_port; + udp0->src_port = new_port0 = ses0->out.out_port; old_addr0.as_u32 = ip0->src_address.as_u32; ip0->src_address.as_u32 = new_addr0.as_u32; @@ -424,9 +425,6 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, && ses0->state == SNAT_SESSION_UNKNOWN) ses0->state = SNAT_SESSION_TCP_ESTABLISHED; - old_port0 = tcp0->src; - tcp0->src = new_port0; - sum0 = tcp0->checksum; sum0 = ip_csum_update (sum0, old_addr0.as_u32, new_addr0.as_u32, ip4_header_t, @@ -440,9 +438,20 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, else { ses0->state = SNAT_SESSION_UDP_ACTIVE; - old_port0 = udp0->src_port; - udp0->src_port = new_port0; - udp0->checksum = 0; + + if (PREDICT_FALSE (udp0->checksum)) + { + sum0 = udp0->checksum; + sum0 = + ip_csum_update (sum0, old_addr0.as_u32, new_addr0.as_u32, + ip4_header_t, + dst_address /* changed member */ ); + sum0 = + ip_csum_update (sum0, old_port0, new_port0, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); + } } switch (ses0->state) 
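Review bot: The source-port rewrite added at -392 now goes through `udp0` before the TCP/UDP branch, so TCP segments are patched through the UDP header view with nothing stating why that is safe. It holds only because the source port is the first 16-bit field of both headers, and only if every packet reaching this statement is TCP or UDP. Whether other protocols are diverted earlier is not visible here, since the function body starts and ends outside the hunk. I would add a comment above the assignment, e.g. `/* src port is at offset 0 in both TCP and UDP headers, so udp0 covers either; other protocols must not reach here */`. The same applies to the identical changes at -556 (`udp1`) and -756.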
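Review bot: A UDP checksum that folds to zero after the incremental update in the hunk at -438 would be read by the receiver as "no checksum", so the translated datagram would silently lose its integrity check. Whether `ip_csum_fold` can return 0 on this path is not visible here and should be confirmed; if it can, follow the assignment with `if (PREDICT_FALSE (udp0->checksum == 0)) udp0->checksum = 0xffff;`, the all-ones form RFC 768 uses for a computed zero. Separately, the first `ip_csum_update` call is labelled `dst_address /* changed member */` although the field rewritten in this direction is `src_address`, which misleads readers even if both fields have the same size. The hunks at -604 and -804 repeat this code and need the same treatment.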
@@ -556,7 +565,8 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, } } - new_port1 = ses1->out.out_port; + old_port1 = udp1->src_port; + udp1->src_port = new_port1 = ses1->out.out_port; old_addr1.as_u32 = ip1->src_address.as_u32; ip1->src_address.as_u32 = new_addr1.as_u32; @@ -588,9 +598,6 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, && ses1->state == SNAT_SESSION_UNKNOWN) ses1->state = SNAT_SESSION_TCP_ESTABLISHED; - old_port1 = tcp1->src; - tcp1->src = new_port1; - sum1 = tcp1->checksum; sum1 = ip_csum_update (sum1, old_addr1.as_u32, new_addr1.as_u32, ip4_header_t, @@ -604,9 +611,20 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, else { ses1->state = SNAT_SESSION_UDP_ACTIVE; - old_port1 = udp1->src_port; - udp1->src_port = new_port1; - udp1->checksum = 0; + + if (PREDICT_FALSE (udp1->checksum)) + { + sum1 = udp1->checksum; + sum1 = + ip_csum_update (sum1, old_addr1.as_u32, new_addr1.as_u32, + ip4_header_t, + dst_address /* changed member */ ); + sum1 = + ip_csum_update (sum1, old_port1, new_port1, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp1->checksum = ip_csum_fold (sum1); + } } switch (ses1->state) @@ -756,7 +774,8 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, } } - new_port0 = ses0->out.out_port; + old_port0 = udp0->src_port; + udp0->src_port = new_port0 = ses0->out.out_port; old_addr0.as_u32 = ip0->src_address.as_u32; ip0->src_address.as_u32 = new_addr0.as_u32; @@ -788,9 +807,6 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, && ses0->state == SNAT_SESSION_UNKNOWN) ses0->state = SNAT_SESSION_TCP_ESTABLISHED; - old_port0 = tcp0->src; - tcp0->src = new_port0; - sum0 = tcp0->checksum; sum0 = ip_csum_update (sum0, old_addr0.as_u32, new_addr0.as_u32, ip4_header_t, 
@@ -804,9 +820,20 @@ VLIB_NODE_FN (snat_det_in2out_node) (vlib_main_t * vm, else { ses0->state = SNAT_SESSION_UDP_ACTIVE; - old_port0 = udp0->src_port; - udp0->src_port = new_port0; - udp0->checksum = 0; + + if (PREDICT_FALSE (udp0->checksum)) + { + sum0 = udp0->checksum; + sum0 = + ip_csum_update (sum0, old_addr0.as_u32, new_addr0.as_u32, + ip4_header_t, + dst_address /* changed member */ ); + sum0 = + ip_csum_update (sum0, old_port0, new_port0, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); + } } switch (ses0->state) -- cgit 1.2.3-korg