Module Name:    src
Committed By:   maxv
Date:           Sat Apr  7 09:20:25 UTC 2018

Modified Files:
        src/sys/net/npf: npf_ext_normalize.c

Log Message:
Fix an inverted logic.

nbuf_cksum_barrier returns true when the direction is PFIL_OUT and TSO is
active; that is to say, it returns true when the checksum was already
recomputed by the function.

The check should be !nbuf_cksum_barrier, because otherwise we're wrongfully
checksumming twice, and it causes the packet to be kicked later in
tcp_input.

This can be seen with a configuration of the type:

        procedure "norm" {
                normalize: "max-mss" 15000
        }
        group default {
                pass all apply "norm"
        }

The packets systematically get dropped because the checksum validation in
tcp_input fails. With this patch in place, it works.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/sys/net/npf/npf_ext_normalize.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/npf/npf_ext_normalize.c
diff -u src/sys/net/npf/npf_ext_normalize.c:1.6 src/sys/net/npf/npf_ext_normalize.c:1.7
--- src/sys/net/npf/npf_ext_normalize.c:1.6	Sun Dec 10 00:07:36 2017
+++ src/sys/net/npf/npf_ext_normalize.c	Sat Apr  7 09:20:25 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_ext_normalize.c,v 1.6 2017/12/10 00:07:36 rmind Exp $	*/
+/*	$NetBSD: npf_ext_normalize.c,v 1.7 2018/04/07 09:20:25 maxv Exp $	*/
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -28,7 +28,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ext_normalize.c,v 1.6 2017/12/10 00:07:36 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ext_normalize.c,v 1.7 2018/04/07 09:20:25 maxv Exp $");
 
 #include <sys/types.h>
 #include <sys/module.h>
@@ -186,7 +186,7 @@ npf_normalize(npf_cache_t *npc, void *pa
 	 * WARNING: must re-fetch the TCP header after the modification.
 	 */
 	if (npf_fetch_tcpopts(npc, &maxmss, &wscale) &&
-	    nbuf_cksum_barrier(npc->npc_nbuf, mi->mi_di)) {
+	    !nbuf_cksum_barrier(npc->npc_nbuf, mi->mi_di)) {
 		th = npc->npc_l4.tcp;
 		cksum = npf_fixup16_cksum(th->th_sum, mss, maxmss);
 		th->th_sum = cksum;
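Review bot: The negated condition `!nbuf_cksum_barrier(npc->npc_nbuf, mi->mi_di)` reads as "the barrier failed", whereas the log message says a true return means the checksum was already recomputed by the function. A short comment directly above the `if` stating that meaning would keep a later reader from inverting the test again. Separately, the re-fetch `th = npc->npc_l4.tcp;` sits inside this block, so it is now skipped exactly on the path where the barrier returned true. If `th` is dereferenced after the block, the WARNING comment above suggests it should be re-fetched on that path too, which is worth confirming against the rest of the function.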
