Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8bd17075 authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller
Browse files

[IPSEC] esp: Remove NAT-T checksum invalidation for BEET 



I pointed this out back when this patch was first proposed but it looks like
it got lost along the way.

The checksum only needs to be ignored for NAT-T in transport mode where
we lose the original inner addresses due to NAT.  With BEET the inner
addresses will be intact so the checksum remains valid.

Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent f24e3d65

net/ipv4/esp4.c

+1 −2
Original line number Diff line number Diff line
@@ -261,8 +261,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) 
		 *    as per draft-ietf-ipsec-udp-encaps-06,

		 *    section 3.1.2

		 */

		if (x->props.mode == XFRM_MODE_TRANSPORT ||

		    x->props.mode == XFRM_MODE_BEET)

		if (x->props.mode == XFRM_MODE_TRANSPORT)

			skb->ip_summed = CHECKSUM_UNNECESSARY;

	}