From 6e334e3e77bb156a9317a37500077a218a04f7a3 Mon Sep 17 00:00:00 2001
From: Benoît Ganne <bganne@cisco.com>
Date: Mon, 31 Aug 2020 18:59:34 +0200
Subject: ip: fix ip zero checksum verification
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In one's complement, there are two representations of zero: the all
zero and the all one bit values, often referred to as +0 and -0. See
RFC 1624 section 3 for more details.
This used to be taken care of in ip4_header_checksum(), but it is no
longer the case. The check ip->checksum == ip4_header_checksum (ip) is
no longer correct in the -0 case.
Always use ip4_header_checksum_is_valid() instead (which behaves
correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4).

Type: fix
Fixes: e5f0050c7a5d411f96af6401797529d58825e2af

Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf
Signed-off-by: Benoît Ganne <bganne@cisco.com>
---
 src/vnet/ipfix-export/flow_report_classify.c | 4 ++--
 src/vnet/ipfix-export/ipfix_doc.md           | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/vnet/ipfix-export')

diff --git a/src/vnet/ipfix-export/flow_report_classify.c b/src/vnet/ipfix-export/flow_report_classify.c
index f004e9a0806..58f623db145 100644
--- a/src/vnet/ipfix-export/flow_report_classify.c
+++ b/src/vnet/ipfix-export/flow_report_classify.c
@@ -321,7 +321,7 @@ ipfix_classify_send_flows (flow_report_main_t * frm,
 			udp->checksum = 0xffff;
 		    }
 
-		  ASSERT (ip->checksum == ip4_header_checksum (ip));
+		  ASSERT (ip4_header_checksum_is_valid (ip));
 
 		  to_next[0] = bi0;
 		  f->n_vectors++;
@@ -376,7 +376,7 @@ flush:
 	    udp->checksum = 0xffff;
 	}
 
-      ASSERT (ip->checksum == ip4_header_checksum (ip));
+      ASSERT (ip4_header_checksum_is_valid (ip));
 
       to_next[0] = bi0;
       f->n_vectors++;
diff --git a/src/vnet/ipfix-export/ipfix_doc.md b/src/vnet/ipfix-export/ipfix_doc.md
index 59118f68e11..1c7aad7750d 100644
--- a/src/vnet/ipfix-export/ipfix_doc.md
+++ b/src/vnet/ipfix-export/ipfix_doc.md
@@ -259,7 +259,7 @@ This function creates the packet header for an ipfix data packet
       	udp->checksum = 0xffff;
           }
 
-        ASSERT (ip->checksum == ip4_header_checksum (ip));
+        ASSERT (ip4_header_checksum_is_valid (ip));
 
         vlib_put_frame_to_node (vm, ip4_lookup_node.index, f);
       }  
-- 
cgit 1.2.3-korg