This is used for return-rst, for example.
Not surprisingly, it just works here.
Index: net/pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.866
diff -u -p -r1.866 pf.c
--- net/pf.c 23 Jan 2014 23:51:29 -0000 1.866
+++ net/pf.c 24 Jan 2014 06:03:35 -0000
@@ -2375,15 +2375,21 @@ pf_send_tcp(const struct pf_rule *r, sa_
m->m_data += max_linkhdr;
m->m_pkthdr.len = m->m_len = len;
m->m_pkthdr.rcvif = NULL;
+ m->m_pkthdr.csum_flags |= M_TCP_CSUM_OUT;
bzero(m->m_data, len);
switch (af) {
#ifdef INET
case AF_INET:
h = mtod(m, struct ip *);
-
- /* IP header fields included in the TCP checksum */
h->ip_p = IPPROTO_TCP;
h->ip_len = htons(tlen);
+ h->ip_v = 4;
+ h->ip_hl = sizeof(*h) >> 2;
+ h->ip_tos = IPTOS_LOWDELAY;
+ h->ip_len = htons(len);
+ h->ip_off = htons(ip_mtudisc ? IP_DF : 0);
+ h->ip_ttl = ttl ? ttl : ip_defttl;
+ h->ip_sum = 0;
h->ip_src.s_addr = saddr->v4.s_addr;
h->ip_dst.s_addr = daddr->v4.s_addr;
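Review bot: In the AF_INET case `h->ip_len` is now assigned twice. The retained `h->ip_len = htons(tlen);` was only the pseudo-header length for the `in_cksum(m, len)` call that a later hunk removes, and the added `h->ip_len = htons(len);` overwrites it a few lines later without any read in between; drop the first assignment. Separately, with `M_TCP_CSUM_OUT` set and the software checksum gone, a valid RST depends on every send path finalising the checksum. The `eh != NULL` branch is outside the visible hunks, so confirm it also reaches code that honours the flag, because a peer silently discards a return-rst with a bad checksum. pf_send_tcp's body starts and ends outside the hunk.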
@@ -2393,10 +2399,10 @@ pf_send_tcp(const struct pf_rule *r, sa_
#ifdef INET6
case AF_INET6:
h6 = mtod(m, struct ip6_hdr *);
-
- /* IP header fields included in the TCP checksum */
h6->ip6_nxt = IPPROTO_TCP;
h6->ip6_plen = htons(tlen);
+ h6->ip6_vfc |= IPV6_VERSION;
+ h6->ip6_hlim = IPV6_DEFHLIM;
memcpy(&h6->ip6_src, &saddr->v6, sizeof(struct in6_addr));
memcpy(&h6->ip6_dst, &daddr->v6, sizeof(struct in6_addr));
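Review bot: The IPv6 branch sets `h6->ip6_hlim = IPV6_DEFHLIM;` unconditionally, while the IPv4 branch in the previous hunk uses `ttl ? ttl : ip_defttl`, so a caller-supplied `ttl` appears to be ignored for IPv6. This predates the patch, which only moves the line, but since the header setup is being consolidated here it would be worth either honouring `ttl` or adding a comment such as `/* ttl is intentionally not applied to IPv6 */`. Whether callers ever pass a non-zero `ttl` for AF_INET6 cannot be seen from this hunk.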
@@ -2425,17 +2431,6 @@ pf_send_tcp(const struct pf_rule *r, sa_
switch (af) {
#ifdef INET
case AF_INET:
- /* TCP checksum */
- th->th_sum = in_cksum(m, len);
-
- /* Finish the IP header */
- h->ip_v = 4;
- h->ip_hl = sizeof(*h) >> 2;
- h->ip_tos = IPTOS_LOWDELAY;
- h->ip_len = htons(len);
- h->ip_off = htons(ip_mtudisc ? IP_DF : 0);
- h->ip_ttl = ttl ? ttl : ip_defttl;
- h->ip_sum = 0;
if (eh == NULL) {
ip_output(m, (void *)NULL, (void *)NULL, 0,
(void *)NULL, (void *)NULL);
@@ -2462,13 +2457,6 @@ pf_send_tcp(const struct pf_rule *r, sa_
#endif /* INET */
#ifdef INET6
case AF_INET6:
- /* TCP checksum */
- th->th_sum = in6_cksum(m, IPPROTO_TCP,
- sizeof(struct ip6_hdr), tlen);
-
- h6->ip6_vfc |= IPV6_VERSION;
- h6->ip6_hlim = IPV6_DEFHLIM;
-
ip6_output(m, NULL, NULL, 0, NULL, NULL, NULL);
break;
#endif /* INET6 */
--
Henning Brauer, [email protected], [email protected]
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/