[OpenWrt-Devel] [PATCH] libnetfilter_queue: fix checksum computation

Alin Nastac Fri, 24 Jun 2016 05:41:46 -0700

There are 2 issues fixed by this patch:
  - UDP checksum is computed incorrectly, the used pseudo IP header
    contains transport protocol 6 iso 17
  - on big endian arches the UDP/TCP checksum is incorrectly
    computed when payload length is odd


Signed-off-by: Alin Nastac <alin.nas...@gmail.com>
---
 .../patches/100-checksum_computation.patch         | 117 +++++++++++++++++++++
 1 file changed, 117 insertions(+)
 create mode 100644 
package/libs/libnetfilter-queue/patches/100-checksum_computation.patch

diff --git 
a/package/libs/libnetfilter-queue/patches/100-checksum_computation.patch 
b/package/libs/libnetfilter-queue/patches/100-checksum_computation.patch
new file mode 100644
index 0000000..5d170f3
--- /dev/null
+++ b/package/libs/libnetfilter-queue/patches/100-checksum_computation.patch
@@ -0,0 +1,117 @@
+diff -Nru libnetfilter_queue-1.0.2.orig/src/extra/checksum.c 
libnetfilter_queue-1.0.2/src/extra/checksum.c
+--- libnetfilter_queue-1.0.2.orig/src/extra/checksum.c 2012-08-06 
14:50:10.596973900 +0200
++++ libnetfilter_queue-1.0.2/src/extra/checksum.c      2016-06-23 
17:06:50.266905883 +0200
+@@ -11,6 +11,7 @@
+ 
+ #include <stdio.h>
+ #include <stdbool.h>
++#include <endian.h>
+ #include <arpa/inet.h>
+ #include <netinet/ip.h>
+ #include <netinet/ip6.h>
+@@ -26,8 +27,13 @@
+               sum += *buf++;
+               size -= sizeof(uint16_t);
+       }
+-      if (size)
+-              sum += *(uint8_t *)buf;
++      if (size) {
++#if __BYTE_ORDER == __BIG_ENDIAN
++              sum += (uint16_t)*(uint8_t *)buf << 8;
++#else
++              sum += (uint16_t)*(uint8_t *)buf;
++#endif
++      }
+ 
+       sum = (sum >> 16) + (sum & 0xffff);
+       sum += (sum >>16);
+@@ -35,7 +41,7 @@
+       return (uint16_t)(~sum);
+ }
+ 
+-uint16_t checksum_tcpudp_ipv4(struct iphdr *iph)
++uint16_t checksum_tcpudp_ipv4(struct iphdr *iph, uint16_t protocol_id)
+ {
+       uint32_t sum = 0;
+       uint32_t iph_len = iph->ihl*4;
+@@ -46,13 +52,13 @@
+       sum += (iph->saddr) & 0xFFFF;
+       sum += (iph->daddr >> 16) & 0xFFFF;
+       sum += (iph->daddr) & 0xFFFF;
+-      sum += htons(IPPROTO_TCP);
++      sum += htons(protocol_id);
+       sum += htons(len);
+ 
+       return checksum(sum, (uint16_t *)payload, len);
+ }
+ 
+-uint16_t checksum_tcpudp_ipv6(struct ip6_hdr *ip6h, void *transport_hdr)
++uint16_t checksum_tcpudp_ipv6(struct ip6_hdr *ip6h, void *transport_hdr, 
uint16_t protocol_id)
+ {
+       uint32_t sum = 0;
+       uint32_t hdr_len = (uint32_t *)transport_hdr - (uint32_t *)ip6h;
+@@ -68,7 +74,7 @@
+               sum += (ip6h->ip6_dst.s6_addr16[i] >> 16) & 0xFFFF;
+               sum += (ip6h->ip6_dst.s6_addr16[i]) & 0xFFFF;
+       }
+-      sum += htons(IPPROTO_TCP);
++      sum += htons(protocol_id);
+       sum += htons(ip6h->ip6_plen);
+ 
+       return checksum(sum, (uint16_t *)payload, len);
+diff -Nru libnetfilter_queue-1.0.2.orig/src/extra/tcp.c 
libnetfilter_queue-1.0.2/src/extra/tcp.c
+--- libnetfilter_queue-1.0.2.orig/src/extra/tcp.c      2012-08-20 
19:36:17.985866277 +0200
++++ libnetfilter_queue-1.0.2/src/extra/tcp.c   2016-06-23 17:04:52.911859011 
+0200
+@@ -91,7 +91,7 @@
+ {
+       /* checksum field in header needs to be zero for calculation. */
+       tcph->check = 0;
+-      tcph->check = checksum_tcpudp_ipv4(iph);
++      tcph->check = checksum_tcpudp_ipv4(iph, IPPROTO_TCP);
+ }
+ EXPORT_SYMBOL(nfq_tcp_compute_checksum_ipv4);
+ 
+@@ -105,7 +105,7 @@
+ {
+       /* checksum field in header needs to be zero for calculation. */
+       tcph->check = 0;
+-      tcph->check = checksum_tcpudp_ipv6(ip6h, tcph);
++      tcph->check = checksum_tcpudp_ipv6(ip6h, tcph, IPPROTO_TCP);
+ }
+ EXPORT_SYMBOL(nfq_tcp_compute_checksum_ipv6);
+ 
+diff -Nru libnetfilter_queue-1.0.2.orig/src/extra/udp.c 
libnetfilter_queue-1.0.2/src/extra/udp.c
+--- libnetfilter_queue-1.0.2.orig/src/extra/udp.c      2012-08-20 
19:36:17.985866277 +0200
++++ libnetfilter_queue-1.0.2/src/extra/udp.c   2016-06-23 17:04:52.922859297 
+0200
+@@ -91,7 +91,7 @@
+ {
+       /* checksum field in header needs to be zero for calculation. */
+       udph->check = 0;
+-      udph->check = checksum_tcpudp_ipv4(iph);
++      udph->check = checksum_tcpudp_ipv4(iph, IPPROTO_UDP);
+ }
+ EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv4);
+ 
+@@ -110,7 +110,7 @@
+ {
+       /* checksum field in header needs to be zero for calculation. */
+       udph->check = 0;
+-      udph->check = checksum_tcpudp_ipv6(ip6h, udph);
++      udph->check = checksum_tcpudp_ipv6(ip6h, udph, IPPROTO_UDP);
+ }
+ EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv6);
+ 
+diff -Nru libnetfilter_queue-1.0.2.orig/src/internal.h 
libnetfilter_queue-1.0.2/src/internal.h
+--- libnetfilter_queue-1.0.2.orig/src/internal.h       2012-08-06 
14:50:10.596973900 +0200
++++ libnetfilter_queue-1.0.2/src/internal.h    2016-06-23 17:04:52.930859505 
+0200
+@@ -13,8 +13,8 @@
+ struct ip6_hdr;
+ 
+ uint16_t checksum(uint32_t sum, uint16_t *buf, int size);
+-uint16_t checksum_tcpudp_ipv4(struct iphdr *iph);
+-uint16_t checksum_tcpudp_ipv6(struct ip6_hdr *ip6h, void *transport_hdr);
++uint16_t checksum_tcpudp_ipv4(struct iphdr *iph, uint16_t protocol_id);
++uint16_t checksum_tcpudp_ipv6(struct ip6_hdr *ip6h, void *transport_hdr, 
uint16_t protocol_id);
+ 
+ struct pkt_buff {
+       uint8_t *mac_header;
-- 
1.7.12.4
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] libnetfilter_queue: fix checksum computation

Reply via email to