- skb_checksum_setup can only handle TCP/UDP protocols under top level
IP header, packets with other protocols (like GRE) are sent out by
Wireguard with unfinished partial checksums which causes problems on
receiving side (bad checksums).
- skb_encrypt gets skb prepared by network stack, so there is no need to
setup the checksum from scratch, but just perform hw checksum offload
using software helper skb_checksum_help for packet which explicitly
require it as denoted by CHECKSUM_PARTIAL.
Signed-off-by: Andrejs Hanins <ahan...@gmail.com>
---
src/send.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/send.c b/src/send.c
index 3af7ef3..1d021ae 100644
--- a/src/send.c
+++ b/src/send.c
@@ -151,9 +151,9 @@ static inline bool skb_encrypt(struct sk_buff *skb, struct
noise_keypair *keypai
if (unlikely(skb_cow_head(skb, DATA_PACKET_HEAD_ROOM) < 0))
return false;
- /* We have to remember to add the checksum to the innerpacket, in case
the receiver forwards it. */
- if (likely(!skb_checksum_setup(skb, true)))
- skb_checksum_help(skb);
+ /* Finalize checksum calculation for the inner packet, if required. */
+ if (skb->ip_summed == CHECKSUM_PARTIAL && skb_checksum_help(skb))
+ return false;
/* Only after checksumming can we safely add on the padding at the end
and the header. */
skb_set_inner_network_header(skb, 0);
--
2.17.1
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
