From 6e334e3e77bb156a9317a37500077a218a04f7a3 Mon Sep 17 00:00:00 2001 From: Benoît Ganne Date: Mon, 31 Aug 2020 18:59:34 +0200 Subject: ip: fix ip zero checksum verification MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In one's complement, there are two representations of zero: the all zero and the all one bit values, often referred to as +0 and -0. See RFC 1624 section 3 for more details. This used to be taken care of in ip4_header_checksum(), but it is no longer the case. The check ip->checksum == ip4_header_checksum (ip) is no longer correct in the -0 case. Always use ip4_header_checksum_is_valid() instead (which behaves correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4). Type: fix Fixes: e5f0050c7a5d411f96af6401797529d58825e2af Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf Signed-off-by: Benoît Ganne --- src/plugins/nat/nat_ipfix_logging.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/plugins/nat/nat_ipfix_logging.c') diff --git a/src/plugins/nat/nat_ipfix_logging.c b/src/plugins/nat/nat_ipfix_logging.c index 3b75260148f..42252b2eb0c 100644 --- a/src/plugins/nat/nat_ipfix_logging.c +++ b/src/plugins/nat/nat_ipfix_logging.c @@ -567,7 +567,7 @@ snat_ipfix_send (u32 thread_index, flow_report_main_t * frm, udp->checksum = 0xffff; } - ASSERT (ip->checksum == ip4_header_checksum (ip)); + ASSERT (ip4_header_checksum_is_valid (ip)); vlib_put_frame_to_node (vm, ip4_lookup_node.index, f); } -- cgit 1.2.3-korg