git: e21c3dae6767 - main - pf: map checksum offloading flags for NAT64

Thu, 04 Sep 2025 04:42:41 -0700 

The branch main has been updated by tuexen:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=e21c3dae676776518b2abf69ef960084c13a21c1

commit e21c3dae676776518b2abf69ef960084c13a21c1
Author:     Timo Völker <[email protected]>
AuthorDate: 2025-09-04 11:35:00 +0000
Commit:     Michael Tuexen <[email protected]>
CommitDate: 2025-09-04 11:35:00 +0000

    pf: map checksum offloading flags for NAT64
    
    When doing NAT64, not only map the packet, but also map the
    csum_flags in the mbuf header.
    This fixes NAT64 when pf is used in combination with transmit
    checksum offloading.
    
    Reviewed by:    kp, tuexen
    MFC after:      1 week
---
 sys/netpfil/pf/pf.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index d15a16c54f81..242152f17db0 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -3633,6 +3633,18 @@ pf_translate_af(struct pf_pdesc *pd)
                pd->src = (struct pf_addr *)&ip4->ip_src;
                pd->dst = (struct pf_addr *)&ip4->ip_dst;
                pd->off = sizeof(struct ip);
+               if (pd->m->m_pkthdr.csum_flags & CSUM_TCP_IPV6) {
+                       pd->m->m_pkthdr.csum_flags &= ~CSUM_TCP_IPV6;
+                       pd->m->m_pkthdr.csum_flags |= CSUM_TCP;
+               }
+               if (pd->m->m_pkthdr.csum_flags & CSUM_UDP_IPV6) {
+                       pd->m->m_pkthdr.csum_flags &= ~CSUM_UDP_IPV6;
+                       pd->m->m_pkthdr.csum_flags |= CSUM_UDP;
+               }
+               if (pd->m->m_pkthdr.csum_flags & CSUM_SCTP_IPV6) {
+                       pd->m->m_pkthdr.csum_flags &= ~CSUM_SCTP_IPV6;
+                       pd->m->m_pkthdr.csum_flags |= CSUM_SCTP;
+               }
                break;
        case AF_INET6:
                ip6 = mtod(pd->m, struct ip6_hdr *);
@@ -3650,6 +3662,18 @@ pf_translate_af(struct pf_pdesc *pd)
                pd->src = (struct pf_addr *)&ip6->ip6_src;
                pd->dst = (struct pf_addr *)&ip6->ip6_dst;
                pd->off = sizeof(struct ip6_hdr);
+               if (pd->m->m_pkthdr.csum_flags & CSUM_TCP) {
+                       pd->m->m_pkthdr.csum_flags &= ~CSUM_TCP;
+                       pd->m->m_pkthdr.csum_flags |= CSUM_TCP_IPV6;
+               }
+               if (pd->m->m_pkthdr.csum_flags & CSUM_UDP) {
+                       pd->m->m_pkthdr.csum_flags &= ~CSUM_UDP;
+                       pd->m->m_pkthdr.csum_flags |= CSUM_UDP_IPV6;
+               }
+               if (pd->m->m_pkthdr.csum_flags & CSUM_SCTP) {
+                       pd->m->m_pkthdr.csum_flags &= ~CSUM_SCTP;
+                       pd->m->m_pkthdr.csum_flags |= CSUM_SCTP_IPV6;
+               }
 
                /*
                 * If we're dealing with a reassembled packet we need to adjust

Reply via email to