From b9e391e7b08ed8f6f32401eae5d6525aab904737 Mon Sep 17 00:00:00 2001 From: Artem Glazychev Date: Tue, 25 Oct 2022 18:48:40 +0700 Subject: wireguard: compute checksum for outer ipv6 header Type: fix Signed-off-by: Artem Glazychev Change-Id: I477e92712e441c91789afdf9be389d967acfa799 --- src/plugins/wireguard/wireguard_send.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'src/plugins/wireguard/wireguard_send.c') diff --git a/src/plugins/wireguard/wireguard_send.c b/src/plugins/wireguard/wireguard_send.c index adfa5cac3de..72fa11034bf 100644 --- a/src/plugins/wireguard/wireguard_send.c +++ b/src/plugins/wireguard/wireguard_send.c @@ -41,7 +41,8 @@ ip46_enqueue_packet (vlib_main_t *vm, u32 bi0, int is_ip4) } static void -wg_buffer_prepend_rewrite (vlib_buffer_t *b0, const u8 *rewrite, u8 is_ip4) +wg_buffer_prepend_rewrite (vlib_main_t *vm, vlib_buffer_t *b0, + const u8 *rewrite, u8 is_ip4) { if (is_ip4) { @@ -72,6 +73,13 @@ wg_buffer_prepend_rewrite (vlib_buffer_t *b0, const u8 *rewrite, u8 is_ip4) hdr6->ip6.payload_length = hdr6->udp.length = clib_host_to_net_u16 (b0->current_length - sizeof (ip6_header_t)); + + /* IPv6 UDP checksum is mandatory */ + int bogus = 0; + ip6_header_t *ip6_0 = &(hdr6->ip6); + hdr6->udp.checksum = + ip6_tcp_udp_icmp_compute_checksum (vm, b0, ip6_0, &bogus); + ASSERT (bogus == 0); } } @@ -93,7 +101,7 @@ wg_create_buffer (vlib_main_t *vm, const u8 *rewrite, const u8 *packet, b0->current_length = packet_len; - wg_buffer_prepend_rewrite (b0, rewrite, is_ip4); + wg_buffer_prepend_rewrite (vm, b0, rewrite, is_ip4); return true; } -- cgit 1.2.3-korg